Hi Casey,

> Question: What is an SQL injection crack

In its most basic form:

Imagine you have a script that looks up books in a database. The form to get
the book title has an <input> called "title". Imagine I type "vurt" as my
lookup phrase and click the submit button.

If your script accesses the database like this (it's in PHP, but hopefully
makes sense):

    $q = mysql_query("SELECT title FROM books WHERE title = '" . $title . "'");

Your SQL query looks like this:

    SELECT title FROM books WHERE title = 'vurt'

Hopefully, so far so good.

However, if a l33t 13-year-old skript kiddy comes along, they might type
"aubergine'; DROP TABLE books; '" into your search form. What does your SQL
query look like now?

    SELECT title FROM books WHERE title = 'aubergine'; DROP TABLE books; ''

This is actually two queries in one - the second is malicious and has been
inserted sneakily by the cracker (hence the name "SQL injection").

> , and what did this developer do wrong to make his site
> so crackable?

Well, the simplest thing to do is escape all apostrophes - had I been doing
this in the example above it would have been rendered harmless. You can also
scan strings for table names, SQL keywords, semicolons, whatever.

Basically, don't use *anything* supplied by a user against your data until
you've checked it :-)

Cheers
Jon
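
The book lookup described above, as an added example that is not part of the original email: it runs the email's input through plain concatenation, through the apostrophe escaping the email suggests, and through a bound parameter, which goes beyond the email's advice. Assumptions: Python's sqlite3 stands in for PHP/MySQL, executescript() stands in for a driver that accepts several statements in one call, and the helper names and sample rows are constructed.

```python
import sqlite3

PAYLOAD = "aubergine'; DROP TABLE books; '"  # the input quoted in the email

def make_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (title TEXT)")
    conn.executemany("INSERT INTO books VALUES (?)", [("vurt",), ("pollen",)])
    conn.commit()
    return conn

def build_query(title):
    """Same string concatenation as the PHP line in the email."""
    return "SELECT title FROM books WHERE title = '" + title + "'"

def table_exists(conn):
    sql = "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'books'"
    return conn.execute(sql).fetchall()[0][0] == 1

def lookup_concat(conn, title):
    """Vulnerable path. Returns True if the books table survives the call.
    Assumption: executescript() stands in for a driver that accepts
    several statements in one call."""
    try:
        conn.executescript(build_query(title))
    except sqlite3.Error:
        pass  # the dangling '' is a syntax error, raised after the DROP ran
    return table_exists(conn)

def lookup_escaped(conn, title):
    """The email's fix: double every apostrophe before concatenating."""
    return conn.execute(build_query(title.replace("'", "''"))).fetchall()

def lookup_bound(conn, title):
    """Bound parameter: the input is passed as data and never parsed as SQL."""
    return conn.execute("SELECT title FROM books WHERE title = ?", (title,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    print("escaped:", lookup_escaped(conn, PAYLOAD), "table intact:", table_exists(conn))
    print("bound:  ", lookup_bound(conn, PAYLOAD), "table intact:", table_exists(conn))
    print("concat:  table intact:", lookup_concat(conn, PAYLOAD))
```

With escaping or a bound parameter the whole input is compared as a title and matches nothing; only the concatenated path lets the second statement run.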