SQL Injection is one of the most common security vulnerabilities on the web. Here I’ll try to explain in detail this kind of vulnerabilities with examples of bugs in PHP and possible solutions.
If you are not so confident with programming languages and web technologies you may be wondering what SQL stay for. Well, it’s an acronym for Structured Query Language (pronounced “sequel”). It’s “de facto” the standard language to access and manipulate data in databases.
Nowadays most websites rely on a database (usually MySQL) to store and access data.
Our example will be a common login form. Internet surfers see those login forms every day, you put your username and password in and then the server checks the credentials you supplied. Ok, that’s simple, but what happens exactly on the server when he checks your credentials?
The client (or user) sends to the server two strings, the username and the password.
Usually the server will have a database with a table where the user’s data are stored. This table has at least two columns, one to store the username and one for the password. When the server...