[thelist] MySQL boolean search

Norman Beresford n.beresford at anansi.co.uk
Thu Oct 3 08:31:01 CDT 2002


I've just read the very interesting Open Web Application Security Project
guide to building secure web applications and it deals with this.  The
biggest threat you have to worry about is a SQL Injection attack.

Say you're searching on the value of a form field.  So your SQL statement
looks like

SELECT * FROM tableSome WHERE valueSome = 'Value of formfield';

Now that's fine if someone puts in say a search phrase:

SELECT * FROM tableSome WHERE valueSome = 'Search Phrase';

But what if someone puts in a bit of SQL?  Say they submit the value as "a
term';DROP TABLE tableSome;"

Now your SQL statement looks like:

SELECT * FROM tableSome WHERE valueSome = 'a term';DROP TABLE tableSome;

You execute that and suddenly you've lost your table from the database.

Aside from attacks like this it makes your application far more likely to
break.  Without verifying user input they can include all sorts of horrible
characters which you just don't want.  For example if they include an
unescaped single quote then that can play havoc with any SQL statements
you might build with the input.

i.e.

SELECT * FROM tableSome WHERE valueSome = 'it's a search phrase';

http://www.owasp.org/ for more reading

Norman
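
An added example, not part of the original post: the concatenated query from the message next to the same search with the form value bound as a parameter, run against both inputs the post discusses. It assumes Python's built-in sqlite3 as an offline stand-in for MySQL, and uses `executescript()` to model a driver that executes every statement in the string; `make_db`, `search_concat` and `search_bound` are hypothetical helper names.

```python
import sqlite3

# Constructed inputs: the two form values the post discusses.
QUOTE_TERM = "it's a search phrase"
DROP_TERM = "a term';DROP TABLE tableSome;"

def make_db():
    """In-memory stand-in for the post's MySQL table (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tableSome (valueSome TEXT)")
    db.executemany("INSERT INTO tableSome VALUES (?)",
                   [("Search Phrase",), (QUOTE_TERM,)])
    db.commit()
    return db

def table_exists(db):
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type = 'table' AND name = 'tableSome'").fetchone()
    return row[0] == 1

def search_concat(db, term):
    """The pattern from the post: form value pasted into the SQL text."""
    sql = "SELECT * FROM tableSome WHERE valueSome = '" + term + "';"
    try:
        # executescript() runs every statement in the string, modelling a
        # driver with multi-statement execution enabled (assumption).
        db.executescript(sql)
        return "ok"
    except sqlite3.Error as exc:
        return "error: %s" % exc

def search_bound(db, term):
    """Same search with the value bound as a parameter, never parsed as SQL."""
    return db.execute("SELECT valueSome FROM tableSome WHERE valueSome = ?",
                      (term,)).fetchall()

def run_demo():
    db = make_db()
    return {
        "bound_quote": search_bound(db, QUOTE_TERM),
        "bound_drop": search_bound(db, DROP_TERM),
        "table_after_bound": table_exists(db),
        "concat_quote": search_concat(db, QUOTE_TERM),
        "concat_drop": search_concat(db, DROP_TERM),
        "table_after_concat": table_exists(db),
    }

if __name__ == "__main__":
    print(run_demo())
```

With binding, the quoted phrase matches its row and the second value is just a string that matches nothing; with concatenation, the first raises a syntax error and the second leaves the table gone.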



