I have the following code in my newsview.php. I want to know why the code below is vulnerable to SQL injection. I already tested SQL injection against the code below.
$id = intval($_REQUEST['id']);
$result = mysql_query("SELECT * FROM newsevent where id = '$id' order by id DESC");
Example: the website link is
mysite.com/newsview.php?id=30
I put the ' symbol at the end of the URL. It returns an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''30''' at line 1 SELECT * FROM newsevent where id = '30''.
This is the full code of newsview.php
<?php
$page="video";
require('include/header.php');
require('include/config.php');
$id = intval($_REQUEST['id']);
$result = mysql_query("SELECT * FROM newsevent where id = '$id' order by id DESC");
?>
<div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=306364829393363";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
<section id="wrappermain">
<div class="wrapper">
<div class="gray-top"> </div>
<div class="content">
<!-- Breadcrumb -->
<div class="bradcum">
<?php
$query5 = "SELECT * FROM newsevent where id = '$id'";
$result5 = mysql_query($query5) or die (mysql_error() . ' ' .$query5);
while($row5 = mysql_fetch_assoc($result5)) {
?>
<h2> <a href="news.php" style="font-size:16px;">News and Events </a> » <a style="font-size:16px;"><?php echo $row5['title']; ?> </a> </h2>
<?php } ?>
</div>
<!-- ------------ -->
<div id="newsevent">
<?php
$no = 0; // row counter; initialised so the increment below does not read an undefined variable
while($row = mysql_fetch_assoc($result))
{
$no += 1;
?>
<div><h2><?php echo $row['title']; ?></h2> </div>
<!-- <div> <img src = "images/newsandevent/<?php //echo $row['image']; ?>" style = "height: 344px; width: 630px;" /> </div> -->
<div class="disp"> <?php echo $row['de']; ?> </div>
<?php } ?>
<!--<div class="sharess">
<div class="fb-like" data-href="http://mysite.com/newsview.php?id=<?php echo $id; ?>" data-send="true" data-width="200" data-show-faces="false"></div>
<a href="https://twitter.com/share" class="twitter-share-button" data-url="http://mysite.com/newsview.php?id=<?php echo $id; ?>" data-via="Atul_33" data-lang="en">Tweet</a>
</div>-->
<!-- AddThis Button BEGIN -->
<div style="width: 400px;">
<a class="addthis_button" href="http://www.addthis.com/bookmark.php?v=300&pubid=ra-50f6428f0c05d757"><img src="http://s7.addthis.com/static/btn/v2/lg-share-en.gif" width="160" height="20" alt="Bookmark and Share" style="border:0"/></a>
<script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-50f6428f0c05d757"></script>
<div class="addthis_toolbox addthis_default_style">
<a class="addthis_button_facebook_send"></a>
</div>
</div>
<!-- AddThis Button END -->
</div>
<div class="right" style="margin-top:40px;">
<div class="white-lt">
<div class="white-rt"></div>
<div class="white-m">
<strong> Recent News & Events</strong>
<?php $result = mysql_query("SELECT * FROM newsevent order by id DESC");
while($row = mysql_fetch_assoc($result))
{
?>
<div><ul><li><a href="newsview.php?id=<?php echo $row['id']; ?>"> <?php echo $row['title']; ?></a></li></ul></div>
<?php } ?>
</div>
<div class="white-lb">
<div class="white-rb"></div>
</div>
</div>
</div>
</div>
<div class="gray-bot"> </div>
</div>
</section>
<?php
require('include/footer.php');
?>
Another thing that confuses me is why the following code, from the viewworkshop.php file, is not vulnerable to SQL injection. The query structure is the same as in the code above.
This is the full code for viewworkshop.php. It also has the code $id = intval($_REQUEST['id'])
<?php
$page="workshops";
require('include/config.php');
require('include/header.php');
$id = intval($_REQUEST['id']);
?>
<div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=306364829393363";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
<section id="wrappermain">
<div class="wrapper">
<div class="gray-top"> </div>
<div class="content">
<?php
$query = "select * from workshop where id = '$id'";
$result = mysql_query($query) or die (mysql_error() . ' ' .$query);
while($row = mysql_fetch_assoc($result)) { ?>
<div class="content-left">
<h2><?php echo $row['headline']; ?></h2>
<article>
<?php echo $row['details']; ?>
</article>
<!--<div class="sharess">
<div class="fb-like" data-href="http://mysite.com/viewworkshop.php?id=<?php echo $id; ?>" data-send="true" data-width="200" data-show-faces="false"></div>
<a href="https://twitter.com/share" class="twitter-share-button" data-url="http://mysite.com/viewworkshop.php?id=<?php echo $id; ?>" data-via="Atul_33" data-lang="en">Tweet</a>
</div>-->
<!-- AddThis Button BEGIN -->
<div style="width: 400px;">
<a class="addthis_button" href="http://www.addthis.com/bookmark.php?v=300&pubid=ra-50f6428f0c05d757"><img src="http://s7.addthis.com/static/btn/v2/lg-share-en.gif" width="160" height="20" alt="Bookmark and Share" style="border:0"/></a>
<script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-50f6428f0c05d757"></script>
<div class="addthis_toolbox addthis_default_style">
<a class="addthis_button_facebook_send"></a>
</div>
</div>
<!-- AddThis Button END -->
</div>
<div class="content-right">
<div class="module_white">
<h2>Dates</h2>
<p><?php echo $row['start_date']; ?> and <?php echo $row['end_date']; ?></p>
</div>
<div class="module_white">
<h2>Location </h2>
<p><?php echo $row['address']; ?></p>
</div>
<div class="module_white">
<h2>Timings</h2>
<p><?php echo $row['start_time']; ?> to <?php echo $row['end_time']; ?>.</p>
</div>
<div class="module_white">
<h2>Maximum Seats</h2>
<p><?php echo $row['seats']; ?></p>
</div>
<div class="module_white">
<h2>Prerequisites</h2>
<p><?php echo $row['prerequisites']; ?></p>
</div>
<div class="module_white">
<h2>Join The Workshop</h2>
<p><?php echo $row['registration']; ?></p>
</div>
<div class="module_white">
<h2>Participation Fee</h2>
<p><?php echo $row['cost']; ?></p>
</div>
</div>
<?php } ?>
</div>
<div class="gray-bot"> </div>
</div>
</section>
<?php
require('include/footer.php');
?>
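As an added example (not part of the question's code), the snippet below shows what `intval()` does to the probe input from the question before it reaches the `newsevent` query, and how the same lookup looks as a PDO prepared statement, which is the replacement for the `mysql_*` extension that PHP 7 removed. The table and column names follow the question; the `PDO` connection is passed in by the caller and is assumed to exist.

```php
<?php
// Added example: inspect the effect of intval() on the id parameter and
// contrast it with a parameterised query. Not code from the original post.

/**
 * Build the query string exactly as newsview.php does, after intval().
 * Returns [$id, $sql] so the effect on the raw input can be inspected.
 */
function buildLegacyQuery(string $rawId): array
{
    // intval() keeps only the leading integer prefix:
    //   "30'" -> 30,  "30 OR 1=1" -> 30,  "abc" -> 0
    // so the interpolated value can never contain a quote character.
    $id  = intval($rawId);
    $sql = "SELECT * FROM newsevent where id = '$id' order by id DESC";
    return [$id, $sql];
}

/**
 * Same lookup without string interpolation: the id travels to the server
 * as a bound integer parameter, so it is data, never SQL text.
 * Non-integer input is rejected instead of silently becoming 0.
 */
function fetchNewsEvent(PDO $pdo, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return []; // e.g. "30'" or "abc": not a valid id, nothing to fetch
    }
    $stmt = $pdo->prepare('SELECT * FROM newsevent WHERE id = :id ORDER BY id DESC');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed probe inputs, including the one from the question (id=30').
foreach (["30", "30'", "30 OR 1=1", "abc"] as $probe) {
    [$id, $sql] = buildLegacyQuery($probe);
    printf("%-12s -> intval=%-3d sql=%s\n", var_export($probe, true), $id, $sql);
}
```

Running the loop shows that `id=30'` produces the well-formed string `... where id = '30' order by id DESC`, so an unquoted `'30''` in the error message points at a query path where the value was not passed through `intval()` first.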