This was marked as a duplicate, but I don't think that is a fair judgement. Again the question is being passed off with an easy answer... but it isn't the correct answer. If the "duplicate" answer is used from the actual post form, it does not work. It is rejected just like all the other attempts. I have actually used that answer multiple times, it appears on nearly every SQL injection cheat sheet. Please un-mark this as a duplicate.
This question is purely for understanding and not for use on accessing another site. I have read multiple times that MySQL escaping is not sufficient enough to protect yourself from SQL injections. So because of this I have setup multiple test pages to try SQL injection. I have succeeded in some, but never on one that uses the mysql_real_escape_string()
function.
I have researched and tried many examples from cheat sheets but cannot crack this, so I feel like it is plenty secure, or secure enough. Can someone give me an example? Maybe a reason as to why this login is insecure and an example input that would bypass the login and/or alter the table?
I plan to also use MySQLi. In this example I am using MySQL to also ask where this could cause an SQL injection problem compared to MySQLi (another statement made but I have never seen proven).
This is someone's chance to prove the insecurity rather than simply stating that it is insecure.
if (isset($_POST['aun'])) {
$username = mysql_real_escape_string($_POST['aun']);
$checkadminlogin = mysql_query("SELECT * FROM admin WHERE un='$username'");
$uncreds = mysql_fetch_assoc($checkadminlogin);
$pass = mysql_real_escape_string($_POST['apwd']);
//Line to get key for encrypting input password, used below as $keyinfo['op_value'];
$salt = $keyinfo['op_value'];
$fpass = sha1($pass . $salt);
if ($fpass == $uncreds['pwd']) {
echo 'Congrats, you logged in. Or hacked your way in. Whatever';
}
}
Also on a side note, couldn't you just replace all special characters to prevent any injections?