Why mysql_real_escape_string() isn’t enough to stop SQL injection attacks!

We have all been there: writing PHP code and trusting mysql_real_escape_string(). Alas, it seems it is not enough. Let us look at the example below:

$id = "0; DELETE FROM users";
$id = mysql_real_escape_string($id); // 0; DELETE FROM users
mysql_query("SELECT * FROM users WHERE id={$id}");

As you can see above, simply using mysql_real_escape_string() is not enough: the input contains nothing that needs escaping, so the output is still "0; DELETE FROM users", and it goes into the query unquoted.

However, don’t fret, dear reader, because there is a solution! Make sure the $id is indeed only a number! This can be done by simply using the code below:

$id = "123; DELETE FROM users";
$id = (int) $id; // 123

This way any string elements simply won’t be added to the system. Now a question may arise: how do you make sure you don’t get injected if the parameter is in fact a string? My answer is simply: USE THE FRICKEN SQL QUOTES! Like below:

$username = "DELETE FROM users";
$username = mysql_real_escape_string($username);
mysql_query("SELECT * FROM users WHERE username='{$username}'");

The quotes will allow some protection.

I hope this helps you all! And please don’t tell newbies that mysql_real_escape_string() is enough! IT IS NOT!
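
The same two lookups with the value kept out of the SQL text entirely, as an added example that is not code from the original post: it swaps mysql_query() for PDO prepared statements and validates the numeric id instead of casting it. The in-memory SQLite database, the sample rows, and the function names escapeOnly, findUserById and findUserByName are assumptions made for the example.

```php
<?php
// Constructed sample data: in-memory SQLite through PDO stands in for the
// MySQL server so the example runs offline. Table rows are made up.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$pdo->exec("INSERT INTO users (id, username) VALUES (123, 'alice'), (124, 'bob')");

// Hypothetical stand-in for mysql_real_escape_string(): PDO::quote() minus
// the surrounding quotes it adds, so only the escaping step remains.
function escapeOnly(PDO $pdo, string $value): string
{
    return substr($pdo->quote($value), 1, -1);
}

// Numeric parameter: validate strictly instead of casting. A cast silently
// keeps the leading digits; rejecting the request makes tampering visible.
function findUserById(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// String parameter: the placeholder sends the value separately from the
// statement, so there is no quoting or escaping step to forget.
function findUserByName(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :name');
    $stmt->execute([':name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$input = '123; DELETE FROM users';              // the input used in the post
var_dump(escapeOnly($pdo, $input) === $input);  // does escaping alter it at all?
try {
    findUserById($pdo, $input);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
var_dump(findUserByName($pdo, 'DELETE FROM users'));  // looked up as a name
var_dump((int) $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn());
```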

From the beginning please

Hi there. Summer is over and so is my work with the company RENKO ITH. IHR. LTD. STI. Worked for peanuts doing lots. Proud of it. Paid my school tuition with the peanuts. I think this makes my school a three ring circus :D

Work was good and honest in RENKO. I wore three hats at all times ;


Knowing when to fold ( i.e. SSH is better than Telnet )

You have probably seen my previous post on connecting to Telnet through PHP. Although it was a novel idea, I have just learned (from a Novell site, no pun intended) that Telnet is very insecure!! To make things clearer, Telnet usually creates connections as below:

[Figure: Telnet client-server connection, unencrypted]

Up here you can see a hacker can sniff the client-server connection and actually steal the user name and password sent by the client. This really won’t do, since if someone can spoof/hack/attack our embedded system, which we will be adding to home appliances, things may go awry, i.e. you will start seeing automated vacuum cleaners attacking your cat. (Statistics show that H4X0Rz hate cats.)

Hence we can clearly see we need another way for the server and client to talk to each other. After some short Googling, I am thinking of using SSH, which is native to Linux/Unix based systems, where the connection will be as below:

[Figure: SSH client-server connection, encrypted]

As you can see, the SSH encryption creates a safer environment for the client and the server, plus any DNS attacks and eavesdropping are clearly impossible. (if not probable.)

Henceforth a new PHP and Python (this time I will write the server+client in Python) shall be written. Please expect updates.

Connecting to PHP using telnet and sending data to the same port using Java

Hi there! Have been busy busy busy. What I needed was a way to do the following:

[Figure: Very Simple Layout]

Above you are looking at a very simple layout (almost childishly simple). The embedded device has Linux installed with a supposedly very light JVM (Java Virtual Machine). So if I am to send data to and from the server and display it to the user, I have to do some scripting both in Java and in PHP. Let us first take a look at our universal Java-Socket program, which basically opens and listens to a certain port (socket):
