John Davidson

Message:

My code is already safe, using parameters in SQL queries, but, I would like to detect if anyone attempts to inject something into a submit form.

I found Snort, but I would need something that would be at PHP script level, not the whole network.

This is for a site that contains personal information for students and thus, we will warn (or even take action against) anyone that even tries an attack.

---

My Answer:
One way to detect SQL injection attempts at the PHP script level is to monitor the input data for suspicious patterns or characters commonly used in SQL injection attacks. You can create a function that checks the input data for these patterns and triggers a warning or takes action if any suspicious activity is detected.

Here is an example of how you can implement this in your PHP script:

php
function detectSQLInjection($input) {
$patterns = array('/\bunion\b/i', '/\bselect\b/i', '/\binsert\b/i', '/\bupdate\b/i', '/\bdelete\b/i', '/\bdrop\b/i', '/\btruncate\b/i', '/\balter\b/i');

foreach($patterns as $pattern) {
if(preg_match($pattern, $input)) {
// Log the attempt or take action
// For example, you can log the IP address of the user or block the request
// You can also display a warning message to the user
echo "SQL injection attempt detected!";
exit;
}
}
}

// Call the function with the input data from the form
$input = $_POST['input_field']; // Assuming the input is coming from a form field
detectSQLInjection($input);


This function checks the input data for common SQL injection patterns and triggers a warning if any suspicious activity is detected. You can customize the patterns to match specific keywords or characters that are commonly used in SQL injection attacks.

Remember that this is just one way to detect SQL injection attempts and it's important to also have other security measures in place, such as using parameterized queries and input validation, to prevent SQL injection attacks.