
I saw a lot of websites on Google on which I found a vulnerability for SQL injection. Of course most of them were index.php?id=1 or something similar. Why is it that something tells me that even if I use prepared statements on such a page, I will still be vulnerable to SQL injection? I mean... how can there be so many websites vulnerable to SQL injection? Is that link safe if I use prepared statements? Seeing so many vulnerable sites using such a link just blows my mind. I ask myself, there is no way people can be that stupid? How can they code such professional looking websites with vulnerabilities like this? I know how prepared statements work. When you use prepared statements, you prevent the database from reading the input as code. It's just the fact that I saw so many websites vulnerable to attacks... it made me have heavy doubts in my mind about my website. I use exactly the same method for my users page, here is my code.

<?php
// Setting the input ID to variable
if (isset($_GET['id'])) {
    $the_input_id = $_GET['id'];
} else {
    header("location: ?page=error1");
    exit;
}

global $db; // $db is the PDO connection opened elsewhere on the site
$stmt = $db->prepare("SELECT * FROM users WHERE id=:id");
$stmt->execute([':id' => $the_input_id]); // the value is bound, never spliced into the SQL text
$result = $stmt->fetchAll();
$db = null;

// Checking if there is a result ...
if (!$result) { // If there is no result ...
    header("location: ?page=usernotfound");
    exit;
} else { // If there is a result ...
    // Show the user profile
}

?>

This is the code from my users page. It is based on the user's input, but as you can see I am using a prepared statement. I am still worried about it. Maybe there is something more that I need to know about the security? I keep having heavy doubts in my mind after the sites I saw today.

I also saw some forums that are not using links like index.php?id=1. They use something like this: "www.randomforum.com/index.php?/user/1029498/". Well, how does that work? That link cannot be SQL injected, I think. I am not so experienced in this, so I need someone to explain to me how that kind of link works. I think it works the following way:

- Each time a user gets registered, a new file gets created in the "user" folder. The file name is the ID of the user's account, and that file just contains the user's page.

This is my explanation of how that forum works... but I am sure I am wrong. Please give me some opinions. Thank you for your time.

  • It's not a duplicate, I also ask 2 questions here. – Black Sun Phoenix Entertainmen Mar 15 '19 at 15:02
  • Posts on Stack Overflow should only ask one question at a time, and the duplicate I suggested is a comprehensive guide for preventing SQL injection in PHP. If you have a _specific_ question, please ask it _in its own post as clearly as possible_. Burying multiple questions in a wall of text makes it hard to understand what you're asking. The easier you make it for us to understand your question the more likely you are to get a helpful answer. See [ask]. – ChrisGPT was on strike Mar 15 '19 at 15:04

1 Answer

From my experience, the best way to keep your site 99% safe from these sorts of attacks is to:

1) Escape parameters in MySQL queries. You are currently doing this. Prepared statements will escape them for you, as long as you put them in the execute([]) array.

2) Escape HTML on output. If someone inserts HTML into your table, you need to escape its output. The best way of doing this is to use htmlspecialchars().

More info here: http://php.net/manual/en/function.htmlspecialchars.php

3) GO OVER ALL OF YOUR CODE! You want to make sure you aren't accepting raw user input, as one faulty form could ruin it all.

The site creators you're talking about may be really good at creating form styles, but MAY need a little more help with their PHP coding.

Good luck with your site!

Brixster
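The two points above (bind the parameter, escape on output) and the question about `/user/1029498/`-style links, as an added example that is not the asker's or the answerer's code: it runs the same lookup against an in-memory SQLite database (constructed sample rows) so it can be executed offline, with the concatenated query beside the prepared one and the output escaped with htmlspecialchars(). The function names and the `/user/<id>/` route pattern are assumptions for the illustration.

```php
<?php
// Added example, not code from the original post. In-memory SQLite stands in
// for the site's MySQL database; the table and rows are constructed samples.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, '<script>alert(1)</script>')");

// A "pretty" URL like /user/1029498/ is only routing: the number is still user
// input that reaches the query, so it needs binding exactly like ?id=... does.
function idFromPath(string $path): ?string {
    return preg_match('#^/user/(\d+)/?$#', $path, $m) ? $m[1] : null;
}

// Vulnerable form: the input is spliced into the SQL text and can rewrite
// the WHERE clause (shown only to contrast with the bound version below).
function lookupConcat(PDO $db, string $id): array {
    return $db->query("SELECT * FROM users WHERE id=" . $id)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe form: the same query as in the question. The value is sent separately
// from the SQL text, so the database never parses it as code.
function lookupPrepared(PDO $db, string $id): array {
    $stmt = $db->prepare("SELECT * FROM users WHERE id=:id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output side: whatever is stored in the table is escaped before it is placed
// in HTML, so stored markup is displayed as text instead of being rendered.
function renderName(array $row): string {
    return '<h1>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '</h1>';
}

$hostile = "1 OR 1=1";
// Concatenation: the clause becomes "id=1 OR 1=1" and matches every row.
echo count(lookupConcat($db, $hostile)), " rows from the concatenated query\n";
// Binding: the whole string is compared as one value and matches no id.
echo count(lookupPrepared($db, $hostile)), " rows from the prepared query\n";
// The route-style id goes through the identical bound query.
echo count(lookupPrepared($db, idFromPath('/user/2/'))), " row for /user/2/\n";
// The stored <script> tag comes out as harmless text.
echo renderName(lookupPrepared($db, '2')[0]), "\n";
```

Validating that the id is an integer before the query (for example with filter_var() and FILTER_VALIDATE_INT) is a separate input check; it does not replace binding, and binding does not replace the HTML escaping on the way out.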