For 2023 - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.
Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!
I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
What is an SQL injection attack?
It's where an unauthorised user enters illegal data that gets placed into an SQL command, with the purpose of changing the meaning of that SQL command. For example, you might use the SQL query
SELECT count(id) FROM user where uname = "xxxxxx" and pword = "yyyyy"
to validate a user name and password pair when someone logs in to your application, replacing the xxxxxx and yyyyy with the information the person enters on a form. In testing, that will work fine for you, but if your user were to complete the form so that:
becomes hack" or 1 = 1 -- "
then returned values will be greater than 0 ... probably allowing an unauthorised login.
How come there's this problem? This is what the command that's run has become:
SELECT count(id) FROM user where uname = "hack" or 1 = 1 -- "" and pword = "anything"
Anything after the -- sign is treated by most SQL engines as a comment (so the password is unchecked) and every line will match because 1 always equals 1!
Can you prevent this problem in your applications? Yes, absolutely, if you know of the potential problems and do something to avoid them. This isn't going to be a complete paper on SQL security, but you'll do well to start by \ protecting any " and ' characters that the user enters ... that way, your query will say "literally a " " or "literally a ' " rather than anything more dangerous. (written 2005-08-02, updated 2006-06-05)
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articlesS161 - Data Access and Security in MySQL 
Current MySQL and PHP paths and upgrades - (2005-01-28) 
The wrong MySQL - (2005-01-29) 
MySQL permissions and privileges - (2005-12-20) 
Checking for MySQL errors - (2006-03-15) 
What is an SQL injection attack? - (2006-11-27) 
MySQL - Password security (authentication protocol) - (2007-04-02) 
Images in a database? How big is a database? (MySQL) - (2009-05-28) 
Mysqldump fails as a cron job - a work around - (2009-06-30) 
Removing duplicates from a MySQL table - (2010-02-22) 
SQL - Data v Metadata, and the various stages of data selection - (2011-04-29) 
Checking MySQL database backups have worked (not failed) - (2015-01-10) 
Fixing damaged MySQL tables - Error 1712 and Error 2013 - (2015-01-25) 
Extracting data from backups to restore selected rows from MySQL tables - (2015-05-01) 
Web Server Admin - some of those things that happen, and solutions - (2015-05-10) 
Forgotten / lost MySQL root password - (2015-05-16)
Some other Articles
Horse's Mouth is a year oldHow to check that a string contains a number in TclFull circle - made it back to an old hauntNetlessWhat is an SQL injection attack?New in the shopssimplicity hides real sizeTraining course material - why we write our ownWhere now for dial-up providers?The next technologies
4759 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 at 50 posts per page
This is a page archived from The Horse's Mouth at
the diary and writings of Graham Ellis.
Every attempt was made to provide current information at the time the
page was written, but things do move forward in our business - new software
releases, price changes, new techniques. Please check back via
our main site for current courses,
prices, versions, etc - any mention of a price in "The Horse's Mouth"
cannot be taken as an offer to supply at that price.
Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).