Reputation: 14048
I'm working on a web app and I came across this code snippet:

```php
$email=$_POST['email'];
$pass=$_POST['pass'];
$pass=md5($pass);
$query=mysql_real_escape_string($email,$link);   // escaped value is stored in $query ...
//echo $query."<br>";
$sql=mysql_query("SELECT pass FROM users WHERE email='".$email."'",$link);   // ... but the raw $email is used here
if($row=mysql_fetch_array($sql))
{
    // (rest of the block not shown in the question)
}
```

I think the programmer intended `$query=mysql_real_escape_string($email,$link);` to be `$email=mysql_real_escape_string($email,$link);`.

Do I have the right idea here?
Upvotes: 3
Views: 166
Reputation: 2457
To prevent blind SQL, wrap your POST data with two more filters:

```php
$email = mysql_real_escape_string(strip_tags(stripslashes($email)), $link);
```
Upvotes: 1
Reputation: 225054
Yes, you're absolutely right - just correct that part, like you said, by changing it to

```php
$email = mysql_real_escape_string($email, $link);
```

and that will protect against SQL injection there.

On a side note, I suggest you use `hash("sha512", xxx)` instead of `md5` because MD5 is becoming obsolete. If your column size doesn't allow for that though and you don't have the ability to change it, it's still OK.
Upvotes: 5
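The same login lookup written so that the e-mail can never alter the SQL text, as an added example that is not code from the question or from any of the answers. It replaces the `mysql_*` functions (removed in PHP 7) with a mysqli prepared statement and, for the password side note above, swaps the `md5()` comparison for `password_verify()`; the function names `find_user_by_email` and `login`, the `$link` connection, and a `users(email, pass)` table whose `pass` column holds `password_hash()` output are all assumptions for this example.

```php
<?php
// Added example: parameterised login lookup with mysqli (not the question's code).
// Assumes $link is an open mysqli connection and users.pass stores password_hash() output.

function find_user_by_email(mysqli $link, string $email): ?array
{
    // The ? placeholder is bound as data, so quotes or comment markers in
    // $email cannot change the structure of the statement.
    $stmt = $link->prepare('SELECT pass FROM users WHERE email = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $link->error);
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

function login(mysqli $link, array $post): bool
{
    // A missing field is a failed login, not a PHP notice.
    $email = (string)($post['email'] ?? '');
    $pass  = (string)($post['pass'] ?? '');

    $row = find_user_by_email($link, $email);
    if ($row === null) {
        return false;
    }
    // password_verify() checks against a salted hash in constant time,
    // instead of comparing an unsalted md5() digest as the original snippet does.
    return password_verify($pass, $row['pass']);
}

// Constructed usage (assumed connection details):
// $link = new mysqli('localhost', 'app', 'secret', 'appdb');
// $ok   = login($link, $_POST);
```

If the code base must stay on string-built queries for now, the accepted fix above still applies: the escaped value has to be the one that is concatenated into the query, which with mysqli is `$email = $link->real_escape_string($email);`. Prepared statements remove that dependency on remembering to use the right variable.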
Reputation: 61755
Yes, `$email` is set, but then not filtered; it's used directly in the query. As you pointed out, it looks like an error, as the filtered value is not being used in the query.
Upvotes: 2