SQL injection is one of the most common attacks against database-driven websites and web applications, that is, any site that builds database queries from data it receives from users.
It is a form of code injection: the attacker submits input that the application pastes into an SQL query as query text, so the database executes the attacker's SQL along with the developer's. Depending on the privileges of the database account, the attacker can read or modify tables or, in the worst case, drop the whole database.
The attack becomes possible when developers build queries by concatenating externally supplied data (form fields, URL parameters, cookies, HTTP headers) into SQL strings without validating it and, more importantly, without separating the data from the query text. The attacker appends their own SQL to the value that such a query uses to look something up.
An unprotected statement, with the value aman taken straight from a form field, would be:
$query = "SELECT * FROM users WHERE username = 'aman'";
If the attacker submits ' OR '1'='1 as the username instead, the same code produces:
$query = "SELECT * FROM users WHERE username = '' OR '1'='1'";
The WHERE clause is now true for every row, so the database returns the entire contents of the users table.
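The following is an added example, not code from the original article: it reproduces the page's PHP lookup in Python against an in-memory SQLite database (an assumption; the page's site uses PHP with a real database server) so the effect of the payload can be observed. It also includes the keyword denylist suggested later on this page, to show that the page's own payload passes that check untouched, and places the bound-parameter version of the query beside the vulnerable one.

```python
import sqlite3

# Constructed sample data standing in for the page's "users" table.
SAMPLE_USERS = [("aman", "s3cret"), ("alice", "hunter2"), ("bob", "letmein")]

# The injection payload from the article.
PAYLOAD = "' OR '1'='1"

# Keyword denylist as described in the article's last prevention bullet.
BLOCKED_WORDS = ("insert", "update", "drop", "union")


def make_db():
    """Build an in-memory SQLite database with a few constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def keyword_filter_allows(value):
    """Return True if the input contains none of the blocked SQL verbs.

    This is the denylist defence; it is here only to show it does not stop
    the attack, because the payload contains none of the listed words.
    """
    lowered = value.lower()
    return not any(word in lowered for word in BLOCKED_WORDS)


def lookup_unsafe(conn, username):
    """Vulnerable lookup: mirrors the article's string-built $query."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, username):
    """Hardened lookup: the value is bound as a parameter, never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def demo():
    """Run both lookups with a normal username and with the injection payload."""
    conn = make_db()
    return {
        "normal_unsafe": lookup_unsafe(conn, "aman"),
        "normal_safe": lookup_safe(conn, "aman"),
        "filter_passes_payload": keyword_filter_allows(PAYLOAD),
        "payload_unsafe": lookup_unsafe(conn, PAYLOAD),   # every row comes back
        "payload_safe": lookup_safe(conn, PAYLOAD),       # no user has that name
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the vulnerable query the payload returns all three users; with the parameterised query the literal string ' OR '1'='1 is compared against the username column and matches nothing. The same separation of data from SQL text is what PDO or mysqli prepared statements give you in PHP.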
Through this kind of PHP security issue an attacker can read everything in the database, including usernames, real names, password hashes and any other sensitive information the application stores.
To prevent this security issue:
- Never build SQL by concatenating user input. Use parameterised queries (prepared statements through PDO or mysqli in PHP) so that data is passed to the database separately from the query text; this is the primary defence. Input should still be validated and normalised before it enters the application, but validation alone is not a substitute for parameterisation.
- Sensitive data such as passwords should never be stored in plain text, and unsalted fast digests such as SHA-1 are not an adequate substitute: identical passwords produce identical digests and a dumped table can be reversed with precomputed lookups. Store passwords with a salted, slow password hash (in PHP, password_hash() and password_verify()). This does not prevent injection, but it limits the damage when a table is dumped.
- Database error messages often reveal technical details (database and table names, column names, the shape of the query) that help an attacker refine an injection, so they must not reach the user. Log the full error server-side, turn off display of errors in production, and show a generic custom error page instead.
- Limit the permissions granted to the database account the application uses. An account that can only SELECT, INSERT and UPDATE the tables it needs cannot be used to DROP the database, so fewer privileges mean less damage from a successful attack.
- Stored procedures can abstract data access so that the application never touches tables or views directly, but they only help if the procedures themselves do not build dynamic SQL from their arguments.
- Blocking words such as 'insert', 'update', 'drop' and 'union' in user input is at best a weak secondary measure: the payload shown above contains none of them and still dumps the whole table, and simple variations (mixed case, SQL comments, encoding) bypass such filters. Do not rely on a keyword denylist in place of parameterised queries.
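The following is an added example, not code from the original article, illustrating the password-storage point above. It constructs a small credential set as the kind of data an injection would dump, stores it once with unsalted SHA-1 and once with a salted slow hash (PBKDF2-HMAC-SHA256 here as a stand-in for PHP's password_hash(); the choice of algorithm and iteration count are assumptions), and shows that one precomputed wordlist table recovers every SHA-1 row while the salted rows neither collide nor yield to a shared table.

```python
import hashlib
import hmac
import os

# Constructed sample credentials; two users deliberately share a password.
USERS = {"aman": "s3cret", "alice": "hunter2", "bob": "s3cret"}

# Constructed wordlist standing in for the dictionaries attackers actually use.
WORDLIST = ["password", "123456", "hunter2", "letmein", "s3cret"]

# PBKDF2 work factor (assumption for the demo; tune to your hardware in production).
ITERATIONS = 100_000


def store_sha1(password):
    """The article's original advice: unsalted SHA-1. Same password, same digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def store_salted(password, salt=None):
    """Salted, slow hash. Output is 'salt_hex$digest_hex' so the salt travels with it."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$", 1)
    candidate = store_salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def crack_sha1_dump(dump, wordlist):
    """One precomputed table reverses every unsalted row, however many users there are."""
    table = {store_sha1(word): word for word in wordlist}
    return {user: table.get(digest) for user, digest in dump.items()}


def demo():
    """Compare what an attacker gets from each kind of dumped password column."""
    sha1_dump = {user: store_sha1(pw) for user, pw in USERS.items()}
    salted_dump = {user: store_salted(pw) for user, pw in USERS.items()}
    return {
        "cracked_from_sha1": crack_sha1_dump(sha1_dump, WORDLIST),
        "sha1_rows_collide": sha1_dump["aman"] == sha1_dump["bob"],
        "salted_rows_collide": salted_dump["aman"] == salted_dump["bob"],
        "salted_verifies_correct": verify_salted("s3cret", salted_dump["aman"]),
        "salted_rejects_wrong": verify_salted("wrong", salted_dump["aman"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The salted hashes still fall to a dedicated per-user guessing attack if the password is weak; the salt and work factor only remove the shortcut of one table for all users and make each guess expensive. In PHP, password_hash() handles the salt and algorithm selection for you.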