PHP & JSP SQL Injection Remediations
Today we look at vulnerable PHP and JSP code and how to fix these problems quickly.
Whenever user input is not checked, problems arise!
PHP:
This is vulnerable PHP code: user inputs are inserted directly into the SQL query:
![image](/upload/php_jsp_sqli/php_vuln.png)
Using mysql_real_escape_string, the problem is solved:
![image](/upload/php_jsp_sqli/php_reme.png)
JSP:
Here we have the JSP page that receives the inputs and the Java class that executes the query:
![image](/upload/php_jsp_sqli/JSP_page_vuln.png)
![image](/upload/php_jsp_sqli/JSP_class_vuln.png)
In this case the problem is solved with a PreparedStatement:
![image](/upload/php_jsp_sqli/JSP_class_reme.png)
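As an added example (not the post's own code, which lives in the screenshots above), here is the vulnerable concatenation from the PHP section beside the parameterised fix from the JSP section, written in PHP against an in-memory SQLite database through PDO so it runs without a MySQL server. The mysql_* extension behind mysql_real_escape_string was removed in PHP 7, so a PDO prepared statement is the current PHP equivalent of the JSP PreparedStatement fix; the table, rows and inputs below are constructed.

```php
<?php
// Added example: vulnerable string interpolation next to the prepared-statement fix.
// In-memory SQLite via PDO (an assumption; any PDO driver works the same way).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows.
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// Vulnerable: the input becomes part of the SQL text, the pattern shown in the post.
function loginVulnerable(PDO $db, string $user, string $pass): int
{
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$user' AND password = '$pass'";
    return (int) $db->query($sql)->fetchColumn();
}

// Remediated: the statement is compiled first and the values are bound afterwards,
// so input can only ever be data, never query structure. Escaping helpers such as
// mysql_real_escape_string only cover values inside quoted string literals; binding
// covers every value type, which is why it is the preferred fix.
function loginPrepared(PDO $db, string $user, string $pass): int
{
    $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE username = ? AND password = ?");
    $stmt->execute([$user, $pass]);
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: a correct login, then a password that breaks out of the quotes.
$inputs = [
    ['alice', 's3cret'],
    ['alice', "' OR '1'='1"],
];

foreach ($inputs as [$u, $p]) {
    printf(
        "password=%-12s vulnerable matches=%d | prepared matches=%d\n",
        $p,
        loginVulnerable($db, $u, $p),   // 1 for the real password, 2 for the broken-out one
        loginPrepared($db, $u, $p)      // 1 for the real password, 0 for the broken-out one
    );
}
```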
Study hard and have fun :)