First, I learned about sessions in PHP, then about "cleaning" a string, and finally about MySQL injection. I remember that one day one of my friends tried to hack my databases and he failed... Why? Simple use of md5, sessions, and sanitizing my strings.
So, first of all, here is an example. If you have a simple script without md5 or anything, something like:
// Vulnerable on purpose: user input is pasted straight into the SQL text.
$username = $_POST['username'];
$password = $_POST['password'];
$login = mysql_query("SELECT * FROM user WHERE (username = '$username') and (password = '$password')");
If you try to input OR= as username and as password, you'll access the database without any problem, with the username of the first user from the table. Nice, right?
OK... but now let's try adding a function like mysql_real_escape_string(). The example would now look like this:
// Escaping only protects values that sit inside quotes in the query.
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$login = mysql_query("SELECT * FROM user WHERE (username = '$username') and (password = '$password')");
And if you input OR= you'll have a surprise.
OK, but now let's encrypt that login... so I'll add sessions and md5.
And if you want the full login script that I used on my website and on all the websites that I created, you can find it HERE.
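An added example, not the author's script: the same login check written with a PDO prepared statement, with PHP's password_hash()/password_verify() swapped in for md5. It also reflects that the mysql_* functions used above were removed in PHP 7. The in-memory SQLite database, the table layout, the account and the sample inputs are assumptions made so the block runs on its own.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL `user` table.
// Table layout, account and inputs are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE,
    password_hash TEXT
)');

// Store a salted, slow hash instead of a bare md5 digest.
$ins = $db->prepare('INSERT INTO user (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns the user id on success, null on any failure.
 */
function login(PDO $db, string $username, string $password): ?int
{
    // The placeholder keeps the input out of the SQL text entirely,
    // so quotes in $username are compared as data, never parsed as SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password never reaches the query; it is checked against the stored hash.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    // In a web request, call session_regenerate_id(true) here before
    // storing the id in $_SESSION, so a pre-login session id is not reused.
    return (int) $row['id'];
}

// Constructed test inputs: valid login, wrong password, quote-breaking string.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["x' OR '1'='1", "x' OR '1'='1"],
];
foreach ($attempts as [$u, $p]) {
    $id = login($db, $u, $p);
    printf("%-14s => %s\n", $u, $id === null ? 'rejected' : "user id $id");
}
```

Only the first attempt is accepted; the quote-breaking string is looked up as a literal username and matches no row.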