aryanknp
Reputation: 1167
What is the the meaning and purpose of this unusual value in URL parameter?
I am looking at my server logs and I see malicious requests like this:
http://www.*****.in/catalogue.php?storeid=%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO))
What is the user trying to do, and and how can I protect against such things?
Upvotes: 0
Views: 1581
Answers (1)
ADyson
Reputation: 62060
If we urldecode the parameter value, it becomes a bit more readable and it's clear that it's a SQL injection attempt - the parameter becomes
Opzp; AND 1=1 OR (<'">iKO)
Demo: https://3v4l.org/apMJ7 .
See How can I prevent SQL injection in PHP? if you're not familiar with how to guard against that sort of thing. Basically you need to use prepared statements and parameterise all variable values which you incorporate into your queries.
Upvotes: 3
Related Questions
- How can I prevent SQL injection in PHP?
- What is the maximum length of a URL in different browsers?
- Reference Guide: What does this symbol mean in PHP? (PHP Syntax)
- What is the difference between POST and PUT in HTTP?
- Use of PUT vs PATCH methods in REST API real life scenarios
- How does PHP 'foreach' actually work?
- "Notice: Undefined variable", "Notice: Undefined index", "Warning: Undefined array key", and "Notice: Undefined offset" using PHP
- Are the PUT, DELETE, HEAD, etc methods available in most web browsers?