I'm developing a website and I'm trying to secure the connection part.
I used the addslashes
function on $login
to stop SQL injection but some friends told me that's not enough security. However, they didn't show me how to exploit this vulnerability.
How can I / could you break this code? How can I secure it?
<?php
if ( isset($_POST) && (!empty($_POST['login'])) && (!empty($_POST['password'])) )
{
extract($_POST);
$sql = "SELECT pseudo, sex, city, pwd FROM auth WHERE pseudo = '".addslashes($login)."'";
$req = mysql_query($sql) or die('Erreur SQL');
if (mysql_num_rows($req) > 0)
{
$data = mysql_fetch_assoc($req);
if ($password == $data['pwd'])
{
$loginOK = true;
}
}
}
?>
addslashes()
as a mechanism to escape stuff in SQL queries. If you are learning from one of those, I suggest you try to find something more up-to-date and accurate. Also,extract($_POST)
is a nice example of vulnerability; don't do it! BTW, welcome to StackOverflow. – Álvaro Gonzálezextract()
function. What if there will beloginOk
field in the form?.. – Your Common Sense