Some background: I have taken a few measures to prevent SQL injection on my PHP/MySQL setup (currently WAMP for development, but it will be LAMP for the production server):

- In my users table, I have entered a "bad" user, with all the fields equal to 0.
  - This is the first user in the table.
  - If a hacker tries to enter ' or ''=' in the uname field:
    - (theoretically,) the "bad" user will be the first result, and
    - (theoretically,) the number of results will also be greater than 1 (more than 1 user), and
    - (theoretically,) the following code will prevent said hacker from gaining unauthorized access.
- The mysql_real_escape_string() function will be used to escape input when the site is launched, but right now it is not in use, to allow testing of common SQL injection methods.
- I have read that mysql_real_escape_string() has some vulnerabilities.
- I know mysql_real_escape_string() is more secure than addslashes().
<?php
/* // This block will be uncommented after development
$u = mysql_real_escape_string($_POST['uname']);
$p = mysql_real_escape_string($_POST['pass']); */

// These lines will be replaced by the commented block above after development
// (array keys quoted: bare uname/pass would be treated as undefined constants)
$u = $_POST['uname'];
$p = $_POST['pass'];

// I could add " order by uid asc" to the following query, to ensure the 'bad' user is listed first
// if SQL injection occurs, and to prevent the hacker from using order by
$query  = "select uid,uname,fname,lname,email,phone,other,pass from ads.users where uname = '$u'";
$result = mysql_query($query);
if ($result === false) {
    // mysql_query() returns false on a SQL error; mysql_num_rows(false) would only emit a warning
    die("Error: query failed");
}
$rows = mysql_num_rows($result);

// if more than 1 row, SQL injection attempted (uname has the 'unique' flag in the database,
// so it is only safe to return 1 row)
if ($rows > 1) {
    /* <<Do Stuff - Security Measures (ban IP, etc)>> */
    die("Error[20]: You have entered potentially harmful input. Security measures have"
        /* message truncated in the original post */);
}
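For comparison, here is the same login lookup written with a prepared statement, as an added example that is not part of the question or the asker's code. With a bound parameter the submitted username is sent to the server as data rather than spliced into the SQL text, so a value like ' or ''=' is matched literally against the uname column and the "bad user"/row-count heuristic is no longer needed. Assumptions not in the question: PDO is available, the ads.users table and column names are as in the query above, the pass column holds password_hash() output, and the DSN and database credentials are placeholders.

```php
<?php
// Added example (not the asker's code): login lookup with PDO prepared statements.
// Assumptions: ads.users table as in the question, pass column stores password_hash()
// output, DSN/credentials are placeholders supplied by the deployment.

function connect(string $dsn, string $dbUser, string $dbPass): PDO
{
    return new PDO($dsn, $dbUser, $dbPass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,  // throw instead of returning false
        PDO::ATTR_EMULATE_PREPARES   => false,                   // real server-side prepares
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

function findUser(PDO $pdo, string $uname): ?array
{
    // The SQL text is fixed; :uname is bound separately, so quotes or
    // keywords in the input cannot change the statement's structure.
    $stmt = $pdo->prepare(
        'SELECT uid, uname, fname, lname, email, phone, other, pass
           FROM ads.users
          WHERE uname = :uname'
    );
    $stmt->execute([':uname' => $uname]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

function authenticate(PDO $pdo, string $uname, string $pass): ?array
{
    $user = findUser($pdo, $uname);
    // Same failure path whether the user is missing or the password is wrong,
    // so the response does not reveal which usernames exist.
    if ($user === null || !password_verify($pass, $user['pass'])) {
        return null;
    }
    unset($user['pass']);  // never hand the stored hash back to the caller
    return $user;
}

// Usage: no escaping step is needed before binding the form values.
$pdo  = connect('mysql:host=localhost;dbname=ads;charset=utf8mb4', 'DB_USER', 'DB_PASSWORD'); // placeholders
$user = authenticate($pdo, (string)($_POST['uname'] ?? ''), (string)($_POST['pass'] ?? ''));
if ($user === null) {
    http_response_code(401);
    exit('Login failed.');
}
```

Disabling emulated prepares matters here: with emulation on, PDO builds the quoted SQL string client-side, and the protection then depends on the connection charset being declared correctly in the DSN (hence charset=utf8mb4). With emulation off, MySQL receives the statement and the parameter as separate messages.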