I just want to know if there's a way of making your code using mysql_* safe for SQL Injection.
I have this code inside my log.php:
$username = $_POST['username'];
$password = $_POST['password'];
$status = $_POST['status'];
include("conn.php");
if($username && $password)
{
$query = mysql_query("SELECT * FROM student_users WHERE username='$username'");
if($query!=0)
{
while($rows = mysql_fetch_assoc($query))
{
$db_username = $rows['username'];
$db_password = $rows['password'];
}
if($username == $db_username && $password == $db_password)
{
header("location: stud.php");
$_SESSION['username'] = $db_username;
$_SESSION['stud_num'] = $db_stud_num;
break;
}
}
}
How can I test this for SQL Injection?
I found a out some ideas that http://127.0.0.1/test/index.php?username=%27%20or%201=1%20/*&password=1 can use to test my website for SQL injection vulnerabilities. But doesn't worked.
I also try typing inside the input fields 1 OR 1 = 1; -- but still doesn't work.
I know that it maybe because of the condition I set inside my code but how can I know other hackers strategy for SQL Injection?
maybe just give me some easy-to-use tools for testing local websites.
Thanks for enlightening me :D
Try not using mysql_* code. If you have beginning of the project rewrite all code to mysqli or PDO. (PDO is better.)
If you want to use mysql_* use mysql_real_escape_string in all input field.
You can read more Here