2

I'm trying to use SQL Injection on my local server.

My Script is:

$query="SELECT * FROM tbl_admin WHERE admin_name ='".$uname."' AND admin_password ='".$pwd."'";

Now when I'm using admin' OR '1'='1'"; # in name my query becomes

SELECT * FROM tbl_admin WHERE admin_name ='admin' OR '1'='1'"; #' AND admin_password ='*****'

When I check this query till 1 it is working fine, but it is not working in the script.

I'm not getting the quotes issue. Can anyone help me?

4
  • I wrote a bit of an answer on SQL injection you might want to read: stackoverflow.com/questions/12859942/… Commented Mar 20, 2014 at 10:42
  • Instead of OR '1'='1'"; #, pass ' OR 1=1;-- in the injection; it won't work if you don't close the first quote of admin_name='. Commented Mar 20, 2014 at 10:47
  • You might want to read up on general SQL Injection. PHP.net has some interesting material, particularly converting the type of string you use in order to try counter the Injection: php.net/manual/en/security.database.sql-injection.php Commented Mar 20, 2014 at 10:52
  • Why do you add an extra quotation mark in your input? Try with admin' OR '1'='1'; # Commented Mar 20, 2014 at 11:02

2 Answers

3

I think the information in your question is wrong:

SELECT * FROM tbl_admin WHERE admin_name ='".$uname."' AND

putting in admin' OR '1'='1'"; # makes it:

SELECT * FROM tbl_admin WHERE admin_name ='admin' OR '1'='1'"; #' AND

Which is wrong (PHP) syntax because of the final double-quote ".

If you put in ' OR 1=1;--, output is compliant to the PHP syntax:

SELECT * FROM tbl_admin WHERE admin_name ='' OR 1=1;--' AND

Update:

Due to invalid edits of the original question, my answer does not fit the rolled-back revision.

answered Mar 20, 2014 at 10:52

2 Comments

Somebody botched up the bad username in an edit. The original value which the OP posted was admin' OR '1'='1'"; #, which would correctly inject the OR '1'='1' clause. Could you please edit your answer accordingly?
@Carsten I rolled the question back to the original code, thx for the hint
-2

Use the function mysql_real_escape_string in your query to avoid SQL injection.

Recommend using the MySQLi extension for better security.

1 Comment

Please read questions and not blindly answer because of the familiar words you have seen in it.
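
Added example, not part of any post above: the question's concatenated query next to a prepared statement, run against the input values quoted on this page. It assumes an in-memory SQLite database through PDO instead of the MySQL server in the question; the table contents and the function names login_concatenated and login_prepared are constructed for the illustration.

```php
<?php
// Added example: constructed table and credentials, in-memory SQLite via PDO
// (assumption; the question uses MySQL, where parameters are bound the same way).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbl_admin (admin_name TEXT, admin_password TEXT)");
$db->exec("INSERT INTO tbl_admin VALUES ('admin', 'constructed-secret')");

// The question's pattern: input is concatenated into the SQL text,
// so quotes in the input become part of the statement.
function login_concatenated(PDO $db, string $uname, string $pwd): int
{
    $query = "SELECT * FROM tbl_admin WHERE admin_name ='" . $uname
           . "' AND admin_password ='" . $pwd . "'";
    try {
        return count($db->query($query)->fetchAll());
    } catch (PDOException $e) {
        return -1; // the input made the statement unparseable
    }
}

// Hardened form: the SQL text is fixed and the values are bound parameters,
// so the input is only ever compared as data.
function login_prepared(PDO $db, string $uname, string $pwd): int
{
    $stmt = $db->prepare(
        "SELECT * FROM tbl_admin WHERE admin_name = ? AND admin_password = ?"
    );
    $stmt->execute([$uname, $pwd]);
    return count($stmt->fetchAll());
}

// Values taken from the posts above, each tried with a wrong password.
$inputs = [
    "admin",                    // ordinary name
    "' OR 1=1;--",              // value from the first answer
    "admin' OR '1'='1'\"; #",   // value from the question
];
foreach ($inputs as $uname) {
    printf("%-26s rows: concatenated=%2d prepared=%d\n",
        $uname,
        login_concatenated($db, $uname, 'wrong'),
        login_prepared($db, $uname, 'wrong'));
}
```

A row count above zero with a wrong password means the login check was bypassed; -1 means the statement failed to parse.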
