POSql injection from form
I tested my site with Acunetix Web Vulnerability Scanner 8 and it says that I have 2 SQL injections in my register page.

URL encoded POST input email was set to 1##xa7##
URL encoded POST input username was set to 1##xa7##

Error message found: supplied argument is not a valid MySQL result

PHP code for these two:

```php
// Escape the raw POST values, then validate them
$username = mysql_real_escape_string(trim($_POST['username']));
$email    = mysql_real_escape_string(trim($_POST['email']));
if ($username==!preg_match('/^[a-zA-Z0-9._]+$/', $username)){
    $error_stat = 1;
    $message_error .= 'Error:invalid username.';
} elseif (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
    $error_stat = 11;
    $message_error .= 'Error:invalid email.';
}
```

So how can this be vulnerable to SQL injection?

@Pekka

```php
// The escaped values are interpolated into the query strings
$checkusername = mysql_query("SELECT Username FROM users WHERE Username = '$username'");
$checkemail    = mysql_query("SELECT EmailAddress FROM users WHERE EmailAddress = '$email'");
$username_exist = mysql_num_rows($checkusername);
$email_exist    = mysql_num_rows($checkemail);
```

And if one of them exists, show an error:

```php
<?php if ($error_stat > 0){ echo $message_error; }?>
```

If there are no errors:

```php
$registerquery = mysql_query("INSERT INTO users (Username, password, EmailAddress,Activation,registered) VALUES('".$username."', '".$password."', '".$email."','".$activation."','".$date."')");
```

EDIT //

So guys, I made another page with PDO and the new error is:

```
SQLSTATE[HY000]: General error: 1267 Illegal mix of collations (cp1251_general_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation '='
```

This is what Acunetix shows when I click on "Launch the attack with HTTP Editor". And the username used by the program is `1%c0%00xa7%c0a2`.

PDO

By the program the username is = 1%c0%00xa7%c0a2 and the error is in line 32:

```php
$getMail = $dbh->prepare("SELECT EmailAddress FROM users WHERE username = :username"); // line 30
$getMail->bindParam(':username', $username);                                          // line 31
$getMail->execute();                                                                  // line 32
$rowMail = $getMail->fetch();                                                         // line 33
$email = $rowMail['emailaddress'];                                                    // line 34
```
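An added example, not the poster's code, of the same register flow rebuilt on PDO prepared statements: values are bound rather than escaped into the query text, the username test is a plain negated preg_match (in PHP, `$username==!preg_match(...)` applies `!` first and then loosely compares the string to a boolean), and PDO is told to throw on a failed query (the "supplied argument is not a valid MySQL result" warning in the question is what mysql_num_rows() emits when handed the false that a failed mysql_query() returned). Assumed: a users table with the columns shown in the question, $password/$activation/$date computed elsewhere, and placeholder DSN credentials.

```php
<?php
// Added example, not the poster's code. Assumptions: $password, $activation
// and $date are set elsewhere; the users table has the columns used in the
// question. The DSN charset must match the table's character set: the
// question's 1267 error is a cp1251 column compared against a utf8 connection.
$dbh = new PDO('mysql:host=localhost;dbname=app;charset=cp1251', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // failed query throws, never returns false
    PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
]);

$username      = trim((string)($_POST['username'] ?? ''));
$email         = trim((string)($_POST['email'] ?? ''));
$error_stat    = 0;
$message_error = '';

// Validate first. `!preg_match(...)` is the intended "pattern did not match"
// test; no escaping is needed because the values never become SQL text.
if (!preg_match('/^[a-zA-Z0-9._]+$/', $username)) {
    $error_stat = 1;
    $message_error .= 'Error:invalid username.';
} elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $error_stat = 11;
    $message_error .= 'Error:invalid email.';
}

// Existence check with bound parameters instead of string interpolation.
if ($error_stat === 0) {
    $check = $dbh->prepare(
        'SELECT COUNT(*) FROM users WHERE Username = :username OR EmailAddress = :email'
    );
    $check->execute([':username' => $username, ':email' => $email]);
    if ((int)$check->fetchColumn() > 0) {
        $error_stat = 2;
        $message_error .= 'Error:username or email already registered.';
    }
}

// Insert only when every check passed; every value travels as a parameter.
if ($error_stat === 0) {
    $insert = $dbh->prepare(
        'INSERT INTO users (Username, password, EmailAddress, Activation, registered)
         VALUES (:username, :password, :email, :activation, :registered)'
    );
    $insert->execute([
        ':username' => $username, ':password' => $password, ':email' => $email,
        ':activation' => $activation, ':registered' => $date,
    ]);
}

if ($error_stat > 0) {
    echo htmlspecialchars($message_error, ENT_QUOTES, 'UTF-8'); // escape for HTML output
}
```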