Sql injection and how to validate it in php

Question

Is the following code vulnerable to Sql injections and how to validate it ?

$query=("select * from table2 where username = '$username'and password='$password'");
$result=  mysqli_query($connect, $query);
       $row=  mysqli_fetch_assoc($result);
    if  ($username==$row['username']&&$password==$row['password'])
    {
        header('location:header.php');//to go header
        }
else
{
    header('location:insert_p.php');}

Depends what $username and $password look like. But unless you're filtering them before passing them in, yes, definitely. — Yitzhak, Mar 03 '18 at 11:26
Worth reading: http://php.net/manual/en/function.filter-var.php — Yitzhak, Mar 03 '18 at 11:28
He didn't actually show us what's going on with either variable. He could be storing them in smiley notation for all we know. — Yitzhak, Mar 03 '18 at 11:29
Still a bad idea to write a query this way though. I would use pdo and bound variables after filtering the heck out of them. — Yitzhak, Mar 03 '18 at 11:33

score 1 · Answer 1 · edited Jun 20 '20 at 09:12

Yes, your code seems vulnerable to SQL injections. Look at this line:

$query=("select * from table2 where username = '$username' and password='$password'");

Here you are passing the variables $username and $password directly to the database. If $username contains a string like admin'; -- then there will be no check for the password.

How to validate?

Just make sure, that every variable you directly put into an SQL statement is safe.

Sql injection and how to validate it in php

1 Answers1

How to validate?

Other solutions?