What is the user trying to do and how to protect against such things

Time:03-24

I am looking at the logs and I see a malicious request like http://www.*****.in/catalogue.php?storeid='nvOpzp; AND 1=1 OR (<'">iKO)) What is the user trying to do?

CodePudding user response:

If we urldecode the parameter value, it becomes a bit more readable and it's clear that it's a SQL injection attempt - the parameter becomes

Opzp; AND 1=1 OR (<'">iKO)

Demo: https://3v4l.org/apMJ7

See "How can I prevent SQL injection in PHP?" if you're not familiar with how to guard against that sort of thing. Basically you need to use prepared statements and parameterise all variable values which you incorporate into your queries.
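As an added illustration (not code from the original answer), here is the store lookup written the unsafe way by splicing the parameter into the SQL text, next to the same lookup using a PDO prepared statement. It assumes PHP with the PDO SQLite driver and a hypothetical "stores" table; the sample values are constructed.

```php
<?php
// Added example: unsafe string interpolation vs. a bound parameter.
// Assumes the pdo_sqlite extension; the "stores" table is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stores (storeid TEXT PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO stores VALUES ('42', 'Example Store'), ('43', 'Other Store')");

// Vulnerable: the raw value becomes part of the SQL text, so quote
// characters inside it change the structure of the query.
function findStoreUnsafe(PDO $pdo, string $storeid): array {
    $sql = "SELECT name FROM stores WHERE storeid = '$storeid'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the value is sent as a bound parameter and is never parsed as SQL,
// whatever characters it contains.
function findStoreSafe(PDO $pdo, string $storeid): array {
    $stmt = $pdo->prepare('SELECT name FROM stores WHERE storeid = :storeid');
    $stmt->execute([':storeid' => $storeid]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, the probe shaped like the logged request,
// and a minimal tautology of the "1=1 OR" kind the probe contains.
$inputs = [
    'legitimate' => '42',
    'logged probe' => "'nvOpzp; AND 1=1 OR (<'\">iKO))",
    'tautology' => "' OR 1=1 --",
];

foreach ($inputs as $label => $value) {
    echo "== $label ==\n";
    try {
        // The probe yields malformed SQL (an error the scanner looks for in
        // the response); the tautology returns every row.
        echo 'unsafe: ' . json_encode(findStoreUnsafe($pdo, $value)) . "\n";
    } catch (PDOException $e) {
        echo 'unsafe: query error: ' . $e->getMessage() . "\n";
    }
    // The bound version only ever matches a store literally named $value.
    echo 'safe:   ' . json_encode(findStoreSafe($pdo, $value)) . "\n";
}
```

The point to take from the output is that the unsafe query behaves differently for each input (a database error, then all rows), while the parameterised query returns one row for the real id and nothing for the other two.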

Tags: php