-4

I want to ask how to fix SQL injection in the code below. I think the code is vulnerable to SQL injection, if I am correct.

$result = mysql_query("SELECT * FROM newsevent order by date DESC"); 

This is the full code. This file comes from newsview.php?id=200. Can anybody give advice on the code below and explain why it is vulnerable to SQL injection?

<?php 
$page="video";  
require('include/header.php');  
require('include/config.php'); 
session_start(); 

$result = mysql_query("SELECT * FROM newsevent order by date DESC"); 
?> 

<section id="wrappermain"> 
    <div class="wrapper"> 
        <div class="gray-top">&nbsp;</div> 
          <div class="content"> 

        <h2>News and Events</h2> 

            <div id="video"> 
                <?php 
                    while($row = mysql_fetch_assoc($result)) 
                    { 
                        $no+= 1; 
                        $clk = $row['date']; 

                ?> 

                        <a class="h-cat" href = "newsview.php?id=<?php echo $row['id']; ?>"><?php echo $row['title']; ?></a> ( <a> <?php $date1 = $clk;    $date2 = time(); require('include/timestamp.php'); ?> </a>) 


                    <div class="vline">             
                    <div class="v-img"> 
                        <a href = "newsview.php?id=<?php echo $row['id']; ?>"> <img src = "images/newsandevent/<?php echo $row['image']; ?>" style = "height: 150px; width: 250px;" /> </a>    
                    </div> 
                    <div class="v-des">     
                        <?php echo substr($row['de'],0,225); ?><br/><span style="float:right;padding: 10px 0px;"> <a href = "newsview.php?id=<?php echo $row['id']; ?>"> Read more ... </a> </span>       
                     </div> 
                    </div> 
            <?php } ?> 

            </div> 

            <div class="right"> 
                <div class="white-lt"> 
                <div class="white-rt"></div> 
                    <div class="white-m"> 

                         <strong></strong> 

                        <div style="width: 150px;"> 
                        <?php $result = mysql_query("SELECT * FROM newslink order by id DESC"); 
                        while($row = mysql_fetch_assoc($result)) 
                        { 
                        ?> 

                        <?php echo $row['de']; ?> 


                        <?php } ?>  
                      </div>                                   
                   </div> 
                <div class="white-lb"> 
                <div class="white-rb"></div>  
             </div>    
            </div> 
            </div> 


            </div> 
         <div class="gray-bot">&nbsp;</div> 
    </div> 
</section> 
<?php  
require('include/footer.php');  
?> 
Mahmoud Gamal
cupin06
  • Your code isn't vulnerable as you're not passing any user data to your query. You are however using a deprecated database API: http://www.php.net/manual/en/mysqlinfo.api.choosing.php – billyonecan Oct 30 '13 at 10:14
  • On this site you are supposed to search for the similar question before asking it – Your Common Sense Oct 30 '13 at 10:14
  • *sidenote:* stop using deprecated `mysql_*` functions. use [MySQLi](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) instead. – Raptor Oct 30 '13 at 10:15
  • If you observe SQL injections in your database, please look in header.php, config.php and footer.php. Maybe those include files do not do what the name implies. – Thomas Weller Oct 30 '13 at 10:35
  • @zer0fl4g the query you've posted in your question is not vulnerable to SQL injection because there is no user data. As pointed out in the answers below, any query which does pass user data **is** vulnerable to injection – billyonecan Oct 30 '13 at 10:37
  • possible duplicate of [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Fabio Antunes Oct 30 '13 at 10:38
  • @ThomasW. I have looked at header.php. It has $query1= "select * from register where username = '$myuser'"; $myuser = $_SESSION['login_user'] – cupin06 Oct 30 '13 at 10:46

2 Answers

1

Since you are not taking any inputs in your query, there is no problem of SQL injection. But if you are using any data (variables) in the query, then you must be aware of SQL injection.

You can prevent sql injection by using prepared statements.

Here you are using the query SELECT * FROM newsevent order by date DESC. In this case there are no variables passed to the query. So there will not be any modifications in the query, ever. But if you are using a query like this

SELECT * FROM newsevent where some_column = '$variable' order by date DESC

Here, say $variable is data which can replace the value. So you must be aware of SQL injection here. Also, you can check the following answer, which is the best rated one in the case of SQL injection:

  1. How can I prevent SQL injection in PHP?
Community
웃웃웃웃웃
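Added example (not part of the answer above or of the asker's site): the answer's query with `$variable` interpolated into the SQL text, next to the same query as a prepared statement. The `some_column` column, the sample rows, the function names and the in-memory SQLite database (used so the script runs without a MySQL server; requires the pdo_sqlite extension) are assumptions made for the illustration.

```php
<?php
// Assumption: SQLite in memory stands in for the site's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE newsevent (
    id INTEGER PRIMARY KEY, title TEXT, some_column TEXT, date INTEGER)");
// Constructed sample rows.
$pdo->exec("INSERT INTO newsevent (title, some_column, date) VALUES
    ('Public item', 'public', 100),
    ('Draft item',  'draft',  200)");

// Vulnerable form: the value becomes part of the SQL text, so a quote
// character in it changes the structure of the statement.
function find_interpolated(PDO $pdo, string $variable): array
{
    $sql = "SELECT * FROM newsevent WHERE some_column = '$variable' ORDER BY date DESC";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and the value is bound
// separately, so it is only ever compared as data.
function find_prepared(PDO $pdo, string $variable): array
{
    $stmt = $pdo->prepare(
        "SELECT * FROM newsevent WHERE some_column = :v ORDER BY date DESC");
    $stmt->execute([':v' => $variable]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input standing in for a request parameter.
$variable = "public' OR '1'='1";

// The interpolated query matches every row; the prepared one matches
// none, because no row has that literal string in some_column.
printf("interpolated:       %d rows\n", count(find_interpolated($pdo, $variable)));
printf("prepared:           %d rows\n", count(find_prepared($pdo, $variable)));
printf("prepared, 'public': %d rows\n", count(find_prepared($pdo, 'public')));
```

Against MySQL only the PDO DSN changes; setting `PDO::ATTR_EMULATE_PREPARES` to `false` there makes the driver use server-side prepared statements.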
0

SQL injection doesn't apply in this case, as you are not inserting user data in SQL statement.

However, your code is vulnerable to PHP code injection, if your table data is user inputted.

LS_ᴅᴇᴠ