Preventing SQL Injection Attacks with MySQL and PHP-2

Hello Friends !!

If you remember then in my older post on SQL injection, I was explain you basic of SQL injection and basic code to prevent SQL injection.

Today I will explain how to prevent SQL injection using encryption ?

I think you all use MySQL for database purpose.We add one variable named key . This Key is concatenate with original password.

There is one fieldtype md5. We will use this type to store password.

I list some steps for this method :

First of all create variable key which will used for concatenate with original password.

Ex : Password = abcde
key = ,:()#
After concatenatenation = abcde,:()#
When we conver this in md5 then it looks like this:
In md5 = 24358c5c865a0255e68a408df2592ec0

We store this as password in admin table.

When you check username and password, first you have to convert entered password in md5 and after this check this with stored password.

You can convert in md5 using this function :

$pass = md5(entered password);

First entered password is converted in md5 after this thie will check with passwordstored in database.

Suppose you enter password as ‘ OR ‘1′ = ‘1 , as my last post on SQL Injection, it may be login. But as per this post, whole string which you enter as password is converted in md5 and this md5 string is checked with original password which stored in database.Which is never become true.So you are 100% secure from SQL injection.

Note :- You have to remember you Key.If you can’t remember then you can also store this string in table and access as key.

  • Norbert

    thanks, this was helpfull, dugg

  • Norbert

    thanks, this was helpfull, dugg