What this post calls "URL injection" is SQL injection through a URL parameter: an attacker edits the query string so that the value ends up changing the SQL your page runs against the database.
For instance, if your URL is www.domain.com/index.php?id=1
somewhere in the PHP of the site there will be a section that reads the id and puts it into a database query to fetch the results for that id.
For instance, this is how a careless coder makes that query vulnerable (this is the insecure version, kept here to show the mistake):
$id = $_GET["id"];                                    // raw, unvalidated value straight from the URL
$sql = "SELECT * FROM databasetable WHERE id='$id'";  // the value is pasted into the SQL text
This takes whatever is in the URL and drops it straight into the SQL text. A request such as index.php?id=1' OR '1'='1 turns the WHERE clause into id='1' OR '1'='1', which matches every row, and a UNION SELECT in the same spot lets even a novice attacker read other tables that the site's database user can reach, including the users and password hashes of this site and of any other site sharing that database account.
A lot of people say that all you need is mysql_real_escape_string(), and escaping does defeat the classic quote-breaking payload, but only when the value sits inside quotes in the SQL, only if the connection character set is set correctly, and the whole mysql_ extension is gone in PHP 7 anyway.
Going the other way, trim(), strip_tags() and htmlentities() are not SQL defences at all: they clean text for HTML output, the database does not care about tags or entities, and htmlentities() does not even encode the single quote unless you pass ENT_QUOTES. Use them when you echo user input into a page, not to protect a query.
What actually stops injection through a URL parameter is a combination of two things:
checking that the value is really a number when a number is expected, and rejecting the request if it is not;
never building the query by string concatenation: pass the value to a prepared statement (PDO or mysqli) so it travels separately from the SQL text.
If you are stuck on an old escaping API, escaping is the fallback, not the fix.
The way I suggest is to use the following (this assumes $pdo is an existing PDO connection to the MySQL database; $_GET is used rather than $_REQUEST so that only the URL parameter is accepted, not a cookie or POST field of the same name):
if (isset($_GET["id"])) {
    // Everything in $_GET is a string, so is_int() would never pass here, even for id=1.
    // filter_var() parses the string and rejects anything that is not a whole number >= 1.
    $id = filter_var($_GET["id"], FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]);
    if ($id === false) {
        // redirect this person back to homepage
    } else {
        // Prepared statement: the SQL text is fixed and the id is sent as a separate
        // integer parameter, so nothing from the URL can become part of the query.
        $stmt = $pdo->prepare("SELECT * FROM databasetable WHERE id = :id");
        $stmt->bindValue(":id", $id, PDO::PARAM_INT);
        $stmt->execute();
        $rows = $stmt->fetchAll();
    }
}
Ok, what was done here is:
It first checks if the id is present.
If the id is present it is run through filter_var() with FILTER_VALIDATE_INT, which turns the string from the URL into an integer or returns false. (is_int() is the wrong tool here: $_GET and $_REQUEST values are always strings, so is_int() would fail for every request, good or bad.)
If it is not an integer, redirect code goes in that branch to send the person back to the homepage.
If it is an integer, go forth!
The query then runs as a prepared statement. The SQL is compiled with a placeholder and the id is bound as an integer afterwards, so even if something odd had got past the check it could only ever be treated as a value, never as SQL.
That is why trim(), htmlentities() and mysql_real_escape_string() are not needed for the query. The old approach tried to make the value "safe" by turning <, >, " and ' into HTML entities (a < becomes &lt;), but SQL does not care about HTML entities, and mysql_real_escape_string() was removed in PHP 7. htmlentities() still has a job: use it when you echo user-supplied text back into the page.
This has now made it safe to use the id in the database and prevents injection through the URL.
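To see the difference between the two query styles on a real database engine, here is an added example (not code from the original post) written in Python against an in-memory SQLite table, standing in for the PHP/MySQL code above. The table, its rows and the "secret" column are constructed for the demonstration; the function names are my own. It shows the page's concatenated query being widened by a quote-breaking payload and leaking another column through UNION, why a type check on a request value (the is_int() mistake) can never pass, and how validating the id and binding it as a parameter rejects or neutralises every payload.

```python
import re
import sqlite3

# Constructed sample table standing in for the page's "databasetable"; the third
# column holds data the visitor should never see, to show what a UNION payload exposes.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE databasetable (id INTEGER PRIMARY KEY, title TEXT, secret TEXT)")
    con.executemany(
        "INSERT INTO databasetable VALUES (?, ?, ?)",
        [(1, "public post", "s1"), (2, "draft", "s2"), (3, "admin notes", "s3")],
    )
    return con

def lookup_vulnerable(con, raw_id):
    """The page's insecure pattern: the raw URL value is pasted into the SQL text."""
    sql = "SELECT id, title FROM databasetable WHERE id='%s'" % raw_id
    return con.execute(sql).fetchall()

def naive_type_check(raw_id):
    """Analogue of is_int($_REQUEST["id"]): query-string values arrive as strings,
    so a type check is False even for a perfectly good id=1."""
    return isinstance(raw_id, int)

def validate_id(raw_id):
    """Parse the URL value as a whole number made of ASCII digits only;
    None means reject the request (the page's 'redirect to homepage' branch)."""
    if not isinstance(raw_id, str) or not re.fullmatch(r"[0-9]+", raw_id):
        return None
    return int(raw_id)

def lookup_safe(con, raw_id):
    """Validated id bound as a parameter: the SQL text is fixed, so no URL content
    can change the query, whatever quotes, keywords or HTML the input carries."""
    id_value = validate_id(raw_id)
    if id_value is None:
        return None  # caller sends the visitor back to the homepage
    return con.execute(
        "SELECT id, title FROM databasetable WHERE id=?", (id_value,)
    ).fetchall()

if __name__ == "__main__":
    con = make_db()
    payload = "1' OR '1'='1"
    print(lookup_vulnerable(con, payload))  # every row, not just id 1
    print(lookup_safe(con, payload))        # None: rejected before any SQL runs
```

The regular expression deliberately insists on ASCII digits rather than using str.isdigit(), which also accepts characters such as superscript digits that int() cannot parse; PHP's FILTER_VALIDATE_INT draws the same line for you.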
Hope this helped you out and helps prevent your website from being hacked in this manner!