What is URL Injection?

Basically, URL injection is when someone manipulates your database through the values in the URL. It is SQL injection that arrives via a query-string parameter rather than a form.

For instance if your url is www.domain.com/index.php?id=1

Somewhere in the PHP of the site there will be a section that reads the id from the URL and puts it into a database query to fetch the results for that value.

For instance, a careless coder would make this query vulnerable by doing this:

	$id = $_GET["id"];
	$sql = "SELECT * FROM databasetable WHERE id='$id'";

This drags whatever is put into the URL straight into the SQL text. The quotes around $id offer no protection, because a quote character inside the value simply closes them early and the rest of the value becomes SQL.

Even a novice attacker could use this to read the rest of the database, including the users and passwords stored in it, and depending on the database configuration go further than that.
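To make the problem concrete, here is an added example (not code from the original post) that rebuilds the vulnerable query from the snippet above for a normal id and for one constructed attack value. The function name and the sample query strings are mine; the table name comes from the post.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. It shows what the
// concatenated query turns into when the id comes straight from the URL.

function build_vulnerable_query(string $id): string
{
    // Identical string-building to the vulnerable snippet in the post.
    return "SELECT * FROM databasetable WHERE id='$id'";
}

// Constructed query strings, exactly as they would appear after the '?' in
// the URL. PHP URL-decodes these into $_GET; parse_str() does the same job
// here so the example runs from the command line without a web server.
$query_strings = [
    "id=1",                         // what the developer expected
    "id=1%27+OR+%271%27%3D%271",    // decodes to: 1' OR '1'='1
];

foreach ($query_strings as $qs) {
    parse_str($qs, $get);           // $get is a stand-in for $_GET
    $sql = build_vulnerable_query($get["id"]);
    echo "URL parameter: {$qs}\n";
    echo "Resulting SQL: {$sql}\n\n";
}
```

The first input yields the intended query. The second yields `SELECT * FROM databasetable WHERE id='1' OR '1'='1'`: the quote in the value closes the developer's quote, `OR '1'='1'` is always true, and the query returns every row in the table instead of the one row the code was written to fetch. Nothing about the quotes in the original SQL stopped this; only the content of the value decided what the database executed.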

A lot of people state that all you need to do is use mysql_real_escape_string() to rectify this, but that is only part of the story. Escaping only protects a value that sits inside quotes in the SQL; it does nothing for a value dropped in unquoted (WHERE id=$id), and it depends on the connection's character set being set correctly.

Functions such as:

	trim();
	strip_tags();
	htmlentities();

are for tidying and encoding text for HTML output. They do not make a value safe for SQL and should not be relied on for that.

What actually stops this kind of injection on an id parameter is making sure that the value coming through is in fact a number before it goes anywhere near the query. Better still, pass the value to the database with a prepared statement instead of building the SQL string by hand, which removes the problem for non-numeric values as well.

mysql_real_escape_string() helps protect a quoted string value, but note that the mysql_* functions were deprecated in PHP 5.5 and removed in PHP 7.0; current code should use mysqli or PDO, both of which support prepared statements.

How To Prevent URL Injections


The way I suggest is to use the following (the mysql_real_escape_string() call needs an open mysql connection, and the mysql_* extension is gone as of PHP 7, so on current PHP you would use mysqli or PDO in its place):

	if (isset($_REQUEST["id"])) {

		// $_REQUEST values always arrive as strings, so is_int() on them is
		// always false; validate the string as an integer instead.
		$id = filter_var(trim($_REQUEST["id"]), FILTER_VALIDATE_INT);

		if ($id === false) {

			// redirect this person back to the homepage

		} else {

			// $id is now a real integer, so it cannot carry quotes or SQL keywords.
			// Escaping is still applied because the value sits inside quotes in the SQL.
			$id_secure = mysql_real_escape_string((string) $id);
			$sql = "SELECT * FROM databasetable WHERE id='" . $id_secure . "'";

		}

	}

OK, what was done here is:

It first checks if the id is present.
If the id is present, it strips the white space from the start and end and then makes sure it is in fact an integer. Note that is_int($_REQUEST["id"]) does not work for this: everything in $_GET, $_POST and $_REQUEST is a string, so that check would send every visitor back to the homepage.
If it is not an integer, redirect code would need to be placed in that section to send the person to the homepage.
If it is an integer, go forth!
Because the value is now a genuine integer, there is nothing left in it that could break out of the quotes in the SQL. htmlentities() is not needed here and would not help anyway: it encodes characters for HTML, not for SQL. For instance it turns < into &lt;, which means nothing to the database, and before PHP 8.1 it leaves a single quote untouched by default.

Finally mysql_real_escape_string() is applied, which escapes the characters that have special meaning inside a quoted SQL string (quotes, backslashes, NUL and so on).

This makes the value safe to put into the query and prevents URL injection on this parameter. For anything other than a plain integer, build the query with a prepared statement rather than by concatenation.
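The same lookup with both layers applied, as an added example that is not the original post's code: validate that the id really is an integer, then send it to the database with a PDO prepared statement so the value is never spliced into the SQL text at all. An in-memory SQLite database is used so the example runs offline; the table name comes from the post, while the column `title`, the sample rows and the function names are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not the original post's code. Two layers of protection:
// 1. validate_id() accepts only a positive integer string;
// 2. find_row() uses a prepared statement, so even a bad value could not
//    change the structure of the query.

function validate_id(string $raw): ?int
{
    // FILTER_VALIDATE_INT returns false for anything that is not a plain
    // integer string ("1' OR '1'='1", "1.5", "abc", "" all fail).
    // min_range => 1 also rejects 0 and negatives, which are not valid ids here.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_row(PDO $db, string $raw_id): ?array
{
    $id = validate_id($raw_id);
    if ($id === null) {
        // The web page would redirect to the homepage here.
        throw new InvalidArgumentException("id is not a positive integer");
    }
    // The SQL contains only a placeholder; the value travels separately and
    // is treated as data regardless of its contents.
    $stmt = $db->prepare("SELECT * FROM databasetable WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- demonstration with a constructed in-memory table ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE databasetable (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO databasetable (id, title) VALUES (1, 'first'), (2, 'second')");

// Constructed inputs, as they would arrive in $_GET["id"].
foreach (["1", "2", "3", "1' OR '1'='1", "abc", "0"] as $raw) {
    try {
        $row = find_row($db, $raw);
        $result = $row === null ? "valid id, no such row" : json_encode($row);
    } catch (InvalidArgumentException $e) {
        $result = "rejected before reaching the database";
    }
    printf("%-18s => %s\n", var_export($raw, true), $result);
}
```

Running this, "1" and "2" return their rows, "3" is a valid id with no row, and "1' OR '1'='1", "abc" and "0" are rejected by validate_id() without the database ever seeing them. Even if the validation were removed, the attack value would be bound as a parameter and could only ever match a row whose id literally equals that string, which is the property that makes prepared statements the preferred fix.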

Hope this helped you out and helps prevent your website from being hacked in this manner!

2 Comments
  • Nikki

    Nikki - 5th Jan 2012 at 22:54pm - REPLY

    Thanks, I've recently been had by this, so this will help me in future!

  • Web Development Company

    Web Development Company - 21st April 2012 at 12:15pm - REPLY

    Great, very nice tutorial, I didn't know about that.

    Thanks for giving such important coding. I always use this when I need data from the database using an id.

    Thanks again for the nice tutorial.
