Section 5a.8. Your customer database is secure



PROJECT: CHAOS sends the same POST request, with the SQL injection string in it...

    Hypertext Transfer Protocol
        POST /placeOrder.php HTTP/1.1
            Request Method: POST
            Request URI: /placeOrder.php
            Request Version: HTTP/1.1
        Host: www.headfirstlabs.com
        Keep-Alive: 300
        Connection: keep-alive
        Content-Type: application/x-www-form-urlencoded
    phone=' || 'a' = 'a

...but this time, your new-and-improved PHP stops the attack.

lookupCustomer.php

Now lookupCustomer.php only returns a single customer, and isn't vulnerable to most SQL injection attacks.

Frequently asked questions?

Q:

mysql_real_escape_string()? What in the world is that? Did I mention that I'm not a PHP programmer?

A:

mysql_real_escape_string() is a PHP function that escapes any special characters in a string, and makes that string safe to use in your SQL statements. It only works for MySQL databases, but you can find functions similar to this for all the major databases.

And it's OK if you're not really familiar with PHP or these functions. Remember, the point is that you're talking to the programmers working on the server-side components of your app. Just tell them to be sure that they secure their scripts.
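To make the fix concrete, here is an added example (not code from the book) that builds the customer lookup three ways: concatenated as the original lookupCustomer.php did, escaped as the page recommends, and with a bound parameter. It assumes an in-memory SQLite table with constructed rows in place of the MySQL database, a hand-written escape_string() standing in for mysql_real_escape_string(), and spells the page's payload with OR because SQLite reads || as concatenation rather than OR.

```python
import sqlite3

# Constructed sample rows standing in for the page's customer database.
CUSTOMERS = [("Alice", "555-0100"), ("Bob", "555-0101"), ("Carol", "555-0102")]

# The page's payload, ' || 'a' = 'a, relies on MySQL reading || as OR.
# SQLite reads || as string concatenation, so the same trick is spelled
# with OR here; the escaping and binding fixes behave the same either way.
INJECTED_PHONE = "' OR 'a' = 'a"


def make_db():
    """In-memory SQLite stand-in for the MySQL customer table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, phone TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", CUSTOMERS)
    return db


def lookup_vulnerable(db, phone):
    """Builds the query by concatenation, as the original lookupCustomer.php
    did. The attacker's quote ends the literal and the rest is parsed as SQL:
    WHERE phone = '' OR 'a' = 'a' is true for every row."""
    sql = "SELECT name FROM customers WHERE phone = '" + phone + "'"
    return sorted(row[0] for row in db.execute(sql))


def escape_string(value):
    """Hypothetical stand-in for mysql_real_escape_string(): doubling a single
    quote keeps it inside the literal. The real function also handles
    backslashes, NUL and the connection charset; escaping is only safe when
    the result lands inside a quoted literal, as it does below."""
    return value.replace("'", "''")


def lookup_escaped(db, phone):
    """The page's fix: escape the input before splicing it into the SQL."""
    sql = "SELECT name FROM customers WHERE phone = '" + escape_string(phone) + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_parameterized(db, phone):
    """Stronger fix: the driver binds the value, so it is never parsed as SQL."""
    rows = db.execute("SELECT name FROM customers WHERE phone = ?", (phone,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", lookup_vulnerable(db, INJECTED_PHONE))     # all three
    print("escaped:      ", lookup_escaped(db, INJECTED_PHONE))        # []
    print("parameterized:", lookup_parameterized(db, INJECTED_PHONE))  # []
    print("real lookup:  ", lookup_parameterized(db, "555-0101"))      # ['Bob']
```

The vulnerable lookup returns every customer for the injected phone, while both hardened lookups return nothing for it and still find the right customer for a real phone number.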

Q:

And all this is called SQL injection?

A:

SQL injection is just one type of security risk for web apps. When you have form fields that are used to build SQL queries, hackers often try and enter special strings, like the one you got from PROJECT: CHAOS, to try and get information out of a database, or insert bad data into the database.

The bad news is that there are lots of other types of attacks you have to worry about... but the good news is that with validation and a little security on the server, you can protect yourself against almost all of these attacks. So go forth, and secure!


SQL Injection is only the tip of the iceberg... we'll be back when you least expect it.

PROJECT: CHAOS




Head Rush Ajax
Head Rush Ajax (Head First)
ISBN: 0596102259
Year: 2004
Pages: 241
