Geek Answers Handbook

How to determine if a user tried to attack with SQL injection

I am familiar with using functions mysql_real_escape_string()and PHP FILTER_SANITIZEto prevent sql injections.

However, I am curious how I would define in a PHP script if user input was a likely attempt at SQL injection? This would be useful for tracking potentially malicious IP addresses.

+5
source share
9 answers

If the output mysql_real_escape_stringis different from the input, then the input contains unsafe characters. You might conclude that the user may have tried to attack, especially if the field in question is one where you usually expect a small number of insecure characters (such as a zip code).

But this may be because their name turned out to be Robert'); DROP TABLE Students; --.

Thus, in general, there is no way to do this, even close to reliable.

+6
source

The simple answer is: you cannot. Just write a code that suggests that the pitch will get hit, then you won’t be mistaken.

+2
source

, , SQL- ( ).

, , , GreenSQL DB Networks ADF-4200, , , "".

whitelisting , . , , . , whitelisting, , .

- mod_security, , whitelisting .

, , ( ) .

+2

'-' ';' ... , OR, AND, ( .. 100% , .

0

, , - , , , , .

0

!

!

sql , ( ) :

union
select
drop
--
;

, SQL-, , . , , , , , ! - .

0

:

  • , , .
  • .
  • (, mysql - (?)).
  • , .

, , .

0

(union, delete, drop, ...) . --, \n ( ), , . , - - .

(, , , ...), .

0

( )

EDIT. :

  • , , .
  • .
  • (, mysql - (?)).
  • , .

But in this way, you can detect potentially successful attack attempts, and not those that give a parsing error.

-4
source

More articles:


All Articles