  1. #1
    Join Date
    Apr 2005
    Posts
    537

    Easy Way to check for sql injection?

    hello,
    I've got a site with quite a high number of pages and SQL commands, and I'm wondering if there's an easy way to scan my code for potential SQL injection faults rather than having to go through every page.

  2. #2
    Join Date
    May 2009
    Posts
    766
    Probably not, but it might help to know what language you're using and what db routines you're using

  3. #3
    Join Date
    Apr 2005
    Posts
    537
    Using PHP/MySQL.

  4. #4
    Join Date
    Apr 2009
    Location
    Pittsburgh, Pennsylvania
    Posts
    583
    Is everything being properly escaped?

  5. #5
    Join Date
    Feb 2006
    Location
    Buffalo, NY
    Posts
    1,501
    Use / make a database class that does the filtering for you.. then utilize that class in your application.

    End result: no SQL injections
    Cody R.
    Hawk Host Inc. Proudly Serving websites since 2004.
    Official Let's Encrypt Sponsor

  6. #6
    Join Date
    Nov 2003
    Location
    Marylebone, London, UK
    Posts
    530
    Any php page where you're only querying db, use a mysql user to connect who only has SELECT privilege. (In addition to the usual security mentioned above of course).

  7. #7
    Join Date
    May 2009
    Posts
    766
    All valid ideas... however, none of them answer the OP's original question. It would be interesting to see a PHP module that acted like Perl's -T flag: all variables were considered tainted until a validation method had been performed. Imagine if PHP would automatically trigger an error if you attempted to pass an unchecked var into mysql_query, system or exec...

    Alternatively, you could write a routine that first recognizes all variables being passed into mysql_query and then checks to make sure they've been put through mysql_real_escape_string before the db call.

  8. #8
    Join Date
    Feb 2006
    Location
    Buffalo, NY
    Posts
    1,501
    Quote Originally Posted by mattle View Post
    All valid ideas... however, none of them answer the OP's original question. It would be interesting to see a PHP module that acted like Perl's -T flag: all variables were considered tainted until a validation method had been performed. Imagine if PHP would automatically trigger an error if you attempted to pass an unchecked var into mysql_query, system or exec...

    Alternatively, you could write a routine that first recognizes all variables being passed into mysql_query and then checks to make sure they've been put through mysql_real_escape_string before the db call.
    In my opinion that's not the job of the language, though it may be handy.

  9. #9
    Join Date
    May 2009
    Posts
    766
    Quote Originally Posted by CodyRo View Post
    In my opinion that's not the job of the language, though it may be handy.
    If I expand your opinion to its extreme conclusion, there would be no need for even a syntax check flag on the CLI binary.

    Back in my Perl days, I would add -Tw and CGI::Carp qw/fatalsToBrowser/ to every script during development. Once I was satisfied that all of my inputs were being sufficiently cleaned, I would remove all that before putting it into production. To me, it serves the following purposes:
    1. It is invaluable for teaching people new to scripting how to really lock down your code.
    2. For seasoned vets, input sanitization is either completely natural or already handled by your Framework. Still, we make mistakes and it's nice to have the interpreter slap us on the wrist when something gets overlooked.

    As far as best practice is concerned, I agree that using/writing a DB class/Framework is the way to go. The reality of the matter is that PHP is a beginner's language, and it would be very nice to see a module that performed sanity checks on your code.

  10. #10
    Join Date
    Oct 2009
    Location
    Pearland, TX
    Posts
    15
    There are some character sequences that are notorious for SQL injection: '', the double dash for commenting, etc. It's best to scrub your data at the global ASAX level (ASP.NET), looking for certain patterns. Then blacklist any IPs that try something funny.

  11. #11
    Join Date
    Oct 2004
    Location
    Moji
    Posts
    2,107
    To be on the safe side, I would check each and every page.
    Also using prepared statements (check PDO extension of PHP) will save you a lot of headaches.
    DigiPun.ch
    An Awesome Digital Punch Clock
    Release date: October 1st

  12. #12
    Join Date
    Apr 2005
    Posts
    537
    Looks like I'm going to have to do it by hand then. I was hoping for a temporary way of logging the SQL injections so I could narrow down the pages causing it.
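The routine mattle sketches in #7 (find every variable going into mysql_query and check it went through mysql_real_escape_string) is easy to prototype as a line-based source scanner, which also gives the thread starter in #12 a list of pages to look at first. This is an added example, not code from anyone in the thread; it assumes the legacy mysql_* API with one statement per line, and the PHP it scans is a constructed sample.

```python
import re

# Constructed sample PHP source: two risky queries, two properly escaped ones.
SAMPLE_PHP = r'''<?php
$id = $_GET['id'];
$safe = mysql_real_escape_string($_GET['name']);
$r1 = mysql_query("SELECT * FROM users WHERE id = $id");
$r2 = mysql_query("SELECT * FROM users WHERE name = '$safe'");
$r3 = mysql_query("SELECT * FROM users WHERE id = " . $_POST['id']);
$r4 = mysql_query("SELECT * FROM users WHERE name = '" . mysql_real_escape_string($_GET['n']) . "'");
$r5 = mysql_query("SELECT 1");
'''

# $name = mysql_real_escape_string(...) marks $name as escaped from that line on.
ESCAPE_RE = re.compile(r"\$(\w+)\s*=\s*mysql_real_escape_string\(")
# Argument text of a mysql_query(...) call on a single line.
QUERY_RE = re.compile(r"mysql_query\s*\((.*)\)\s*;")
# Escaping done inline in the query expression itself.
INLINE_ESCAPE_RE = re.compile(r"mysql_real_escape_string\s*\([^)]*\)")
# A PHP variable, optionally with one array subscript such as $_GET['id'].
VAR_RE = re.compile(r"\$(\w+)(\[[^\]]*\])?")
SUPERGLOBALS = {"_GET", "_POST", "_REQUEST", "_COOKIE", "_SERVER"}


def find_unescaped_queries(php_source):
    """Return (line_no, variable) pairs for mysql_query calls whose argument
    uses a variable that was never assigned from mysql_real_escape_string.
    Heuristic only: it misses multi-line queries, later reassignments and
    escaping done in helper functions; prepared statements (PDO) remain the
    real fix, this just tells you where to look first."""
    escaped = set()
    findings = []
    for n, line in enumerate(php_source.splitlines(), 1):
        m = ESCAPE_RE.search(line)
        if m:
            escaped.add(m.group(1))
        q = QUERY_RE.search(line)
        if not q:
            continue
        arg = INLINE_ESCAPE_RE.sub("", q.group(1))  # drop inline-escaped parts
        for v in VAR_RE.finditer(arg):
            name = v.group(1)
            if name in SUPERGLOBALS or name not in escaped:
                findings.append((n, "$" + name + (v.group(2) or "")))
    return findings


if __name__ == "__main__":
    for line_no, var in find_unescaped_queries(SAMPLE_PHP):
        print(f"line {line_no}: {var} reaches mysql_query without escaping")
```

Run it over each PHP file (for example with `glob` over the document root) and the output is the per-page list the thread is asking for; anything it flags should be moved to prepared statements rather than just escaped.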
