how to do test with sql injection

Question

how to do test with sql injection

Navigation

#1 by (2 votes)
#2 by (0 votes)

0

I want to do sql injection testing. For this, I created a db called person and a table called users. I am passing some sql statements to test the sql ingest. It gives error, but does not execute the query:

database connection file:

connection.php

$server="localhost";  
$user="root";  
$password="";  
$database="pessoa";  

//conexao com servidor de banco  
$connect = mysql_connect($server, $user, $password) or print(mysql_error());  

//se a conexao falhar  
if (!$connect) {  
echo "Conexão com servidor errou";    
}  

else {  
    //usar database  
$selectDB = mysql_select_db($database, $connect);     

//se database falhar  
    if (!$selectDB) {  
echo "Conexão com o banco errou";     
    }  
}

index.html file

<html>  
<body>  

<form name="buscar" id="buscarId" action="server.php" method="post">  

<label for="Nome">Nome</label>  
<input type="text" name="nome" id="nomeId">  

<input type="submit" value="Buscar">  
</form>  >
</body>  
</html>

server.php file

<?php  

include('connect.php');  

buscar();  

function buscar() {  
   echo "<p>";  
   $select = "select * from usuarios where nome='$_POST[nome]'";      
   $query = mysql_query($select);  
   $rows=mysql_num_rows($query);  

   if ($rows==0) {  
      echo "Nome não encontrado";  
   } else {   
      while ($dados=mysql_fetch_array($query)) {  
         print_r($dados);  
      }  
   }  
}  
?>

In the form that looks for the name, instead of entering the name, I put a query:

select * from users

Of course this is not a command for the bank, it is a search because it is in single or double quotation marks:

select * from usuarios

gives the error:

(!) Warning: mysql_num_rows () expects parameter 1 to be resource, boolean given in \ path \ folder.

I already did:

$select = "select * from usuarios where nome='.$_POST[nome].'";

debugging gets:

select * from usuarios where nome='.select * from usuarios.', ou seja, não executa o que está em $_POST;

And I also did:

$select = 'select * from usuarios where nome=$_POST[nome]';  

Também não funciona. Só não entendi porque tem que concatenar.

php sql-injection

asked by anonymous 05.05.2016 / 16:33

2 answers

What is the [HttpGet] statement for? [duplicate] Excess symbol% within LIKE

score 2 · Answer 1

When you say:

"select * from usuarios where nome='$_POST[nome]'"

You are sending the following command to the database:

select * from usuarios where nome='$_POST[nome]'

If you want to concatenate the contents of a variable in the string, instead do this:

"select * from usuarios where nome='" . $_POST[nome] . "'"

~~(or whatever you PHP programmers do their concatenations;))~~ (Thanks guys for showing me that concatenation in PHP is dotty!)

So the PHP engine will not consider the $_POST[nome] excerpt as a literal string.

Good luck!

score 0 · Answer 2

mysql_num_rows () expects parameter 1 to be resource, boolean given

It happens due to an error in the query, usually syntax, to bump your code, first close the select, add the terminator and send a new statement (drop / trucate / delete etc).

The content of $_POST['nome'] must be '; delete from usuarios;

Example, with an updated driver (PDO) but using inadequate techniques, the value of $_GET['id'] is in this example ; drop table livros . See the result the information in the book is displayed on the screen but the table no longer exists.

<?php
$db = new PDO('mysql:host=localhost;dbname=teste', 'usuario', 'senha');
$sql = 'SELECT * FROM livros WHERE id = '.$_GET['id'] ;
$stmt = $db->query($sql) or die(print_r($db->errorInfo()));
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));

How to prevent SQL injection in my PHP code