Hello, I just want to ask about SQL injection. I am currently working on a login page, but I am having a little problem with SQL injection. I am currently testing batched SQL code as shown below. I have not yet put in an SQL parameter, but it doesn't seem to be working on an SQL injection. My validation is based on the row count: if it is equal to 0, it will destroy the session and redirect to the index again. The code seems to be working fine, but I am worried about why it is working properly without any SQL parameter to prevent SQL injection. I hope someone can explain it. Thanks in advance.

secured_page.php

<?php
// Start the session
session_start();

// Set session variables
$_SESSION["email"] = $_POST['email'];
$_SESSION["password"] = md5($_POST['password']);

if (isset($_SESSION['email'])){
    header('Location: profile.php');    
}
else {
    header('Location: index.php');  
}

?>

profile.php

<?php
// Start the session
session_start();
include('header.php'); 

include('db_connect.php');
$email = $_SESSION["email"];
$password = $_SESSION["password"];

$sql = "SELECT * FROM user where email = '$email' and password = '$password' LIMIT 1";

$result = $conn->query($sql);
echo $result->num_rows;

if ($result->num_rows > 0) {

    // output data of each row
    while($row = $result->fetch_assoc()) {
        echo "id: " . $row["id"]. " - Name: " . $row["name"]. " " . $row["email"]. "<br>";
    }
} else {
    header('Location: unset_session.php');  
}

if (!isset($_SESSION['email'])){
    header('Location: index.php');  
}

?>
<br>
<a href="unset_session.php">Logout</a>

<?php 
$conn->close();
include('footer.php'); 
?>
  • Are you using mysqli or pdo? Commented Dec 11, 2015 at 5:48
  • So your question is "Why can't I sql-inject something in this seemingly sql-vulnerable code?", correct? Then you should show us what you tried to inject. The answer can likely be figured out by dumping your $sql and of course knowing what's in the database. Commented Dec 11, 2015 at 8:11
  • "but it doesn't seem to be working on an SQL injection" - you need to be clearer on that and the rest of your question. It's hard to say what failed you, because there is no code to support your question. @jester Commented Dec 11, 2015 at 12:35
  • I have moved on. @ me if you need more help, I won't be keeping this tab open. Good luck Commented Dec 11, 2015 at 13:22

1 Answer

Do it like this to prevent SQL injection:

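$sql = "SELECT * FROM user where email = ? and password = ? LIMIT 1";
// $conn is the mysqli connection from db_connect.php in the question
$stmt = $conn->prepare($sql);

// Bind both values as strings ("ss"); they are sent as data, not as SQL text
$stmt->bind_param("ss", $email, $password);

/* execute query */
$stmt->execute();
// get_result() (needs the mysqlnd driver) returns a mysqli_result,
// so now you can use the $result variable like you used before
$result = $stmt->get_result();
echo $result->num_rows;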

Learn more on preparing statements here: http://php.net/manual/en/mysqli.prepare.php


1 Comment

My problem is that whenever I use SQL injection I am getting 0 rows. And the algorithm seems to be working fine to prevent SQL injection. But anyway, thanks for answering and giving some code param :)
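The login check discussed in this thread, as an added example that is not part of the original question or answer: the e-mail is looked up through a prepared statement and the password is verified in PHP before anything would be written to the session. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection from db_connect.php, the authenticate() helper, table layout and sample rows are constructed, and password_hash()/password_verify() are swapped in for the question's md5().

```php
<?php
// Added example, not code from the page. The table layout, sample rows and
// the authenticate() helper are constructed for illustration.
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL database behind db_connect.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, email TEXT UNIQUE, password TEXT)');

// Constructed sample accounts; password_hash() replaces the question's md5().
$insert = $db->prepare('INSERT INTO user (name, email, password) VALUES (?, ?, ?)');
$insert->execute(['Alice', 'alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
$insert->execute(["Pat O'Brien", "pat.o'brien@example.com", password_hash('battery staple', PASSWORD_DEFAULT)]);

/**
 * Returns the user row (without the hash) on success, null otherwise.
 */
function authenticate(PDO $db, string $email, string $password): ?array
{
    // The SQL text is fixed; $email travels separately as a bound value,
    // so quotes inside it can never change the structure of the query.
    $stmt = $db->prepare('SELECT id, name, email, password FROM user WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same result for an unknown e-mail and for a wrong password.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);
    return $row;
}

// Constructed inputs: a valid login, a wrong password, a legitimate address
// containing a quote character, and an unknown address containing one.
$attempts = [
    ['alice@example.com', 'correct horse'],
    ['alice@example.com', 'wrong'],
    ["pat.o'brien@example.com", 'battery staple'],
    ["nobody'@example.com", 'x'],
];
foreach ($attempts as [$email, $password]) {
    $user = authenticate($db, $email, $password);
    // On success a real page would call session_regenerate_id(true) and store
    // only $user['id'] in $_SESSION, never the submitted password.
    echo $email, ' => ', $user === null ? 'rejected' : 'ok (id ' . $user['id'] . ')', PHP_EOL;
}
```

Run it with the PHP CLI (the pdo_sqlite extension must be enabled). With mysqli the same structure applies, using prepare(), bind_param() and get_result() on the existing connection.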
