Having trouble with anti injection

Question

Untam3d 0 Newbie Poster

15 Years Ago

I have this form, and this antinjection.
I have checked for anti injection in three places and it still is quite easily injectable.
Code:

<?PHP
$sql_server = "localhost"; //<-- MSSQL server address/ip
$sql_user = "sa"; //<-- MSSQL username
$sql_pass = "sa"; //<-- MSSQL password
$sql_data = "database"; //<-- MSSQL database
$conn=mssql_connect($sql_server,$sql_user,$sql_pass);
$xadb = mssql_select_db($sql_data,$conn);
$badchars = array(";", "'", "\"", "*", ".", "DROP", "SELECT", "UPDATE", "DELETE", "drop", 

"select","update","delete", "WHERE", "where", "INSERT", "insert");
$Data = '<html><p><p><b>Form Description</b><p>Enter Info Here:<br><form action=form.php 

method=post><input type=text name=test><br><br><input type=submit name=submit  value="Submit"></form></html>';
$char = $_POST['test'];
	if (isset($_POST['test'])){
      if(in_array($char, $badchars)) { die("INVALID CHAR!"); } else {
if(!in_array($char, $badchars)){
$ni = mssql_num_rows($findchar);
if ($ni = 1) { 
echo '<p>Blabla... <b>' , $char.' ID = ' , $findchar['ID'] , '<p>'; } else { die('ERROR'); 
	$findchar = mssql_query("select * from table where name = '$char'");
}}
}
}
echo $Data;
?>

Please note this is just test code... edited from my original, it may or may not fully work off the bat, but the basics are there.

The problem is it only stops injection if it is at the start with nothing in front of it or behind it... and even then, it doesnt stop ' placed anywhere, or semicolons placed at start.

I need all those things in bad word to make the php page die if it is entered in the form. Thanks!

php

2 Contributors
2 Replies
102 Views
16 Hours Discussion Span
Latest Post 15 Years Ago Latest Post by Untam3d

pritaeas 2,194 ¯\_(ツ)_/¯

15 Years Ago

I think you should do something like this:

$inject = false
foreach ($badchars as $bad) {
  if (strpos($char, $bad) !== false)
    $inject = true;
}

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Untam3d 0 Newbie Poster · Answer 1 · 2009-08-31T02:48:47+00:00

Thanks alot! After adding an { and } at the start and end of that if, and changing = true to = $inject + 1, and changing $inject = false to $inject = 0, and having it check to make sure $inject == 0 in an if... it works perfectly, exactly as I want it to, stopping most, if not all injections. Thanks alot!