Beginner PHP Tutorial - 143 - Protecting the User Against SQL Injection Video Lecture | PHP for Absolute Beginners: From Novice to PHP Master - Web Development

hi this is Alex from PHP academy' de org
and I'm back with another tutorial for
the new Boston in this video we're going
to be looking briefly but importantly at
SQL injection within this application
there will be another video on SQL
injection that you can go and look at
but in this example we're logging and
user in but we're not protecting our
query now our query looks like this and
I've briefly spoken about the security
for this query now what's happening is
is that we're posting we're allowing
data to be freely posted into this form
and then what we're doing is we are
putting it into a query which will
actually allow anyone to perform an SQL
injection I'm not going to go into this
too much however what could happen is a
user could say specify this value for
username they could do a single
quotation mark and then they could say
or and then they could do two to single
quotation marks and then they could do
an equals and a single quotation mark
now what I'm highlighting in blue here
is possible to be entered into the
username or password field so if the
user was to enter this the query would
read true to some extent I mean we've
encrypted our password so you know we
can look at this either way but this
means that an SQL query can be performed
and like I said if you are not familiar
with SQL injections sorry not query the
query has been performed but SQL
injection can be perform if you're not
[Music]
familiar with this then either read up
about it or watch my other tutorial so
how what can we do to prevent somewhat
prevent SQL injection well what we first
of all need to do is think about a
function that will protect against and
this function is called MySQL real
escape string now what this does is it
will add slashes and escape characters
rather hence the name escape string the
look like look-alike characters that
might be used in an SQL injection attack
so first of all I'm going to end our
query here and just concatenate on and
then concatenate on the rest of the
query so I've just basically ended the
string concatenated on username and
concatenate on a start of the string so
this will work and so will our password
hash let's just end that start there so
you should be familiar with
concatenation now what I want to do is
in encase username and password hash
with this function so I'm going to say
MySQL underscore real underscore escape
underscore string and I'm going to do
the same with password even though we're
using the password as a password hash
I'm still going to do it so MySQL real
escape string
now bear in mind that this function can
only be used when we've opened a valid
MySQL connection so you couldn't use it
in everyday applications for example
just normal form validation where you're
not connecting to a database not
performing a query you need to connect
to a database beforehand so this
function has been particularly designed
for queries themselves so now we've
somewhat protected against off our query
let's go back and test if our login
still works so I'm going to log in as
Alex and my password is passed
one two three let's click log in and you
can see that you're logged in so we can
log ourselves out and write and via
Billy account we can do the same thing
so pass one two three log in and you're
logged in okay so that's a brief note on
how we're going to protect against our
SQL injection in our query but like I
said do research into this because there
are other ways to secure a lot better