
SQL Injection – Basics!

PHP is a widely used server-side scripting language in web development. Why is that? Not only because it is easier to learn than other languages, but also because it is cost efficient, platform independent, supports all the major web servers, offers fast processing speed, and has many more advantages we could go on listing. But how to secure your PHP websites is another question. Many people think that PHP is not safe to use and that anyone can intrude into a PHP website. That is not completely true: you can keep such intruders from attacking your website by following a few security measures in your code.

In this post, we will brief you on one of the attack techniques that exploits such weaknesses, called "SQL injection".

Adopting the security measures explained in this post will make your PHP websites invulnerable to SQLi attacks.

The SQL Injection (SQLi)

OVERVIEW:
SQL injection is a technique by which attackers inject SQL code into a data-driven web application in order to gain access to its database, alter it, or even delete data from it.

CAUSE:
The cause of SQLi is loopholes left by developers in their code. SQLi also happens when input data is not validated appropriately.

For example, building a query from an unprotected statement such as the one below:

$query = "SELECT * FROM customer WHERE c_name = 'Matt'";

The above query is highly vulnerable, although it might not look it. It can let attackers into your database easily. When the name is taken from user input instead of being hard-coded, an attacker can turn the line above into the following:

$query = "SELECT * FROM customer WHERE c_name = '' OR '1'='1'";

In the above query, since 1=1 is always true, the WHERE clause evaluates to true for every row and all the data from the customer table is returned. The intruder thus gets access to all customer data, which might include names, login credentials, contact numbers, addresses, billing history, credit/debit card numbers, etc.

SOLUTION:

  • Always validate your data before launching your application on the web. Never keep any invalid data in your database.
  • Always keep passwords protected by encrypting them.
  • Hide the technical information displayed in error messages in the browser. Attackers generally look for such information to gain an advantage and break into your database.
  • Restrict the database user's privileges: disallow actions such as insert, update, delete, truncate, union, drop, etc. where the application does not need them. This limits the user's rights to alter data, so even if an attacker gets into your database through the application, they will not be able to alter or delete any data.
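As an added example (not code from the original post), here is the query from the CAUSE section rebuilt from request input, beside the same lookup written as a PDO prepared statement, the standard PHP fix that complements the list above. The database name, table columns and credentials are placeholders.

```php
<?php
// Added example, not the original post's code. Assumptions: a MySQL database
// "shop" with a table customer(c_name, ...) and the placeholder credentials
// below.
declare(strict_types=1);

$pdo = new PDO(
    'mysql:host=localhost;dbname=shop;charset=utf8mb4',
    'app_user',      // placeholder credentials
    'app_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]
);

// The name as it arrives from the request; the attacker controls this string.
$name = $_GET['name'] ?? '';

// VULNERABLE: the input is pasted into the SQL text, so a value such as
//   ' OR '1'='1
// turns the WHERE clause into  c_name = '' OR '1'='1'  and returns every row.
function findCustomerUnsafe(PDO $pdo, string $name): array
{
    $query = "SELECT * FROM customer WHERE c_name = '" . $name . "'";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the SQL text is fixed when the statement is prepared and the value
// is sent separately, so the same input is only compared against the
// c_name column (it matches no customer literally named "' OR '1'='1").
function findCustomerSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT * FROM customer WHERE c_name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$rows = findCustomerSafe($pdo, $name);
echo count($rows) . " customer(s) found\n";
```

Pair the prepared statement with the last bullet above: the `app_user` account should hold only SELECT on the tables the page needs, so a bug elsewhere cannot be turned into data alteration.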

Copyright © 2019 by Binary Bakers IT Solutions