如何测试我的简单mysql登录表单以进行sql注入？

Question

I have created a simple login form for a project in PHP and mySQL. I read about security and info about SQL Injections and XSS. How can I test my form with these stuff ? I mean where I put it? I found something like this ' or 1=1– and SQL queries like

SELECT fieldlist
  FROM table
 WHERE field = '$EMAIL';

I know it's a silly question, but I don't know the answer!

Answer 1

You'd submit suspicious strings into your login form.

From there that string ' or 1=1- (or whatever you want to test) will be sent to your server, and PHP, if not set up properly, will send that string straight into your MySQL database, where if it's valid SQL, it will be executed.

Answer 2

for input input = $EMAIL the value asdf' or '1'='1 in the input and submit and see if you get true result or not.

So the query generated is

SELECT fieldlist
  FROM table
 WHERE field = 'asdf' or '1'='1';

To check if password is not empty or not.

if(!isset($_POST['password'])) 

Also doing this would be more better if

$username = trim($_POST['username']); //also turn magic quotes
            //or add slashes to prevent sql injection

$password = md5(trim($_POST['username'])); //encrypt the password


SELECT *
FROM user
WHERE username = `$username` AND
password = `$password` LIMIT 1;

if(mysql_num_rows($result)) //if the count is 1, then, the the user exists
//do the login

Answer 3

You would enter in the malicious code through the form itself, so that it gets sent to PHP, and then to MySQL. If the malicious code alters your query, then your code would be vulnerable to SQL injection. Take a look at mysql_real_escape_string() . Also, give this a read, to help you get started:

• http://en.wikipedia.org/wiki/SQL_injection
• http://www.php.net/manual/en/function.mysql-real-escape-string.php