Training, Open Source computer languages

PerlPHPPythonMySQLhttpd / TomcatTclRubyJavaC and C++LinuxCSS

Search our site for:
Print friendly page
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
What is an SQL injection attack?
An SQL injection attack is where a user of your form enters a piece of SQL code into it, and wraps it in special characters in such a way that the data entered doesn't get used for the purpose you had intended - it gets used to corrupt or destroy your database.

For example, if your form returns to $_REQUEST[message] and you write
INSERT into msgtab (message) values ("$_REQUEST[message]")
in your code, then without the appropriate precautions I could enter
Got you"); delete his database;
or words to that effect ... and that would be a nasty injection attack.

Note that most copies of PHP are configured with magic quotes on to insure against this kind of hole being left by newcomers to coding, and that my example - quite intentionally - doesn't exactly attack; rather, it shows the principle

As well as SQL injection attacks, Javascript can be injected too ... and even tags like <h1> can sometimes be injected to make the whole of the rest of a response page be shouted back at subsequent visitors to (say) a poorly written forum or chatroom.
(written 2006-11-27 06:01:24)

 
Associated topics are indexed under
S161 - Data Access and Security in MySQL
H113 - Using MySQL Databases in PHP Pages
H117 - Security in PHP

Back to
Look around this mouth.
 Previous and next
or
Horse's mouth home		 Forward to
Running an on line campaign

Some other Articles
What happened at Geekmas
Python and the Magic Roundabout
Sludge off the mountain, and Python and PHP
Running an on line campaign
What is an SQL injection attack?
Look around this mouth.
Code quality counts
Just ******* Google it
Matching within multiline strings, and ignoring case in regular expressions
Index of Pictures
1637 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33 at 50 posts per page


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).
Public Course Enquiry / Booking
Courses that run regularly at our UK training Centre.
[Schedule] - [About] - [Book]
Related short articles
What to do if the Home Page is missing
What is an lvalue? (Perl, C)
Making PHP and MySQL training relevant to the course delegates
Database design for a shopping application (MySQL)
Joining MySQL tables revisited - finding nonmatching records, etc
What colour is the season?
Uploading to a MySQL database through PHP - examples and common questions
Downloading data for use in Excel (from PHP / MySQL)
Ongoing Image Copyright Issues, PHP and MySQL solutions
What have hotels and bananas got in common?
Perl, PHP, Python, Tcl, Linux, MySQL, Ruby courses ...
Connecting to MySQL 5 from PHP on Mac OSX Leopard
What makes our courses special?
Easy selection of multiple SQL conditions from PHP
MySQL - table design and initial testing example
What software version do we teach?
What we teach - expained for the non-technical
What is Expect?
Using PHP to upload images / Store on MySQL database - security questions
First Alternative / what has happened there?
Using a MySQL database to control mod_rewrite via PHP
Etag in http headers - what is it?
MySQL joins revisited
What do people look for on a hotel web site?
Apache, Tomcat, Jakarta, httpd, web server - what are they?
What country are you in? How we find out on our web site
If I say 'I am fine', what do I mean?
What proportion of our web traffic is robots?
Outputting numbers as words - MySQL with Perl or PHP
What are factory and singleton classes?
MySQL - the order of clauses and the order of actions
What brought YOU to our web site?
What are WEB-INF and META-INF directories?
What shape is your shake?
Helsinki - what comes naturally
MySQL - Password security (authentication protocol)
mysqldump and mysqlrestore
Apache httpd , browser, MySQL and MySQL client downloads
Injection attacks - safeguard your PHP scripts
What a relief from the tax office.
What the customer is looking for - effective training
.pdf files - upload via PHP, store in MySQL, retrieve
What happened at Geekmas
What is an SQL injection attack?
Display an image from a MySQL database in a web page via PHP
The LAMP Cookbook - Linux, Apache, MySQL, PHP / Perl
Browser -> httpd -> Tomcat -> MySQL. Restarting.
HTML tables - telling whats wrong from the display
Yes, but what do we do now??
Build on what you already have with OO
What to do during a Linux build
Huge data files - what happened earlier?
(Perl) Callbacks - what are they?
Viewing images held in a MySQL database via PHP
Testing you Perl / PHP / MySQL / Tcl knowledge
Python to MySQL
Denial of Service ''attack''
Checking for MySQL errors
Using a MySQL database from Perl
What is your business latency and potential?
Key facts - SQL and MySQL
Saving a MySQL query results to your local disc for Excel
What to do with milk
Combining similar rows from a MySQL database select
What backup is adequate?
MySQL permissions and privileges
MySQL - an FAQ
MySQL - JOIN or WHERE to link tables correctly?
What are DHCP and DNS?
SELECT in MySQL - choosing the rows you want
MySQL - a score of things to remember
Which MySQL server am I using?
Watch what you wear
Matching in MySQL
Javascript examples (some PHP and MySQL too)
What is an SQL injection attack?
What is a callback?
Central London Courses - Perl, PHP, Python, Tcl, MySQL
What brings people to my web site?
Spotting a denial of service attack
What language is this written in?
What - no switch or case statement?
What career opportunities for web designers
What they are saying about our OF COURSE newsletter
Getting a list of unique values from a MySQL column
NULL in MySQL
What and why for the epoch
The wrong MySQL
Current MySQL and PHP paths and upgrades
MySQL, Java, PHP and Linux - new technical articles
MySQL - Optimising Selects
MySQL - LEFT JOIN and RIGHT JOIN, INNER JOIN and OUTER JOIN
Aladdin, or careful what you wish.
mysql_connect or mysql_pconnect in PHP?
What makes a professional photographer?
Present and future MySQL
MySQL - nuggets
MySQL - Pivot tables
What do you look for in your IT trainer?
© WELL HOUSE CONSULTANTS LTD., 2008: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 707126 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho