Question: The PHP code handling the login looks roughly like this: $user = $_POST [ username ]); $hash = SHA1 ( $_POST [ password ]); $query

The PHP code handling the login looks roughly like this: $user = $_POST [ username ]); $hash = SHA1 ( $_POST [ password ]); $query = " SELECT ID , name FROM user WHERE ( name = $user OR email = $user ) AND pass = $hash "; $handle = mysql_query ( $query ); $results = msqyl_fetch_array ( $handle ); if ( found one record ) { allow the user to login } else { reject login }

Read about SQL injection countermeasure on the following web page: https: //secure.php.net/manual/en/mysqli.quickstart.multiple-statement.php 1) Based on the reading at the link above, briefly explain why we cannot carry out an UPDATE injection attack on the login code described above. 2) If the login code used a different function to interact with the database, it would be vulnerable - which function is that?

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

In this task you will use an SQL injection attack on a SELECT statement in order to log in without providing a password On the login form of the Collabtive website, there are input fields for the...

show steps. Please help! In this task you will use an SQL injection attack on a SELECT statement in order to log in without providing a password. On the login form of the Collabtive website, there...

This policy will be reviewed no later than 5 years of its authorisation date. At this point it will need to be re-authorised by the relevant authority at Xxz Financial Services Version Published...

Use PHP MySQL and HTML skills to create a working bulletin board. Registers users, then registered users can post messages to other users and can read messages posed by other users. Put files in...

Objective: Use PHP MySQL and HTML skills to create a working bulletin board. Registers users, then registered users can post messages to other users and can read messages posed by other users. Put...

web project Palestinian Best Food Store (PBFS), is an online food store that sales authenticated Palestinian Food, such as Zater, Olive Oil, Sage, ets. Also sales pre-packaged Palestinian meals such...

i am currently doing restaurant review web application and i need create login api locally for the POST and GET method in postman for testing if the api is working. the post method that users require...

Please send me screenshots, that your code works, and also give the keep the code simple if possible, as Im very bad at java. Thank you Consider the design of a database for a web site that allow...

in editing how can i make my php code works. below are my codings. when i click the edit post link, it should pass to authenticate2.php first to key in username and password then if successful it...

Search bar with html/php/sql isn't returning any records. Arts, Electronics, Travel, Food and Wine are in the table. I typed each into th search bar and none came back and it said no records...

Analyze the impact of the following situations on the operation of a ramp type digital voltmeter. Necessary explanation to be given to justify the answer. (i) The output connection of the ground...

The village of Oak Lawn wishes to conduct a study regarding the income level of households within the village. The village manager selects 10 homes in the southwest corner of the village and sends an...

A inverted sloped yield curve suggests short - term rates exceed long - term rates long - term rates exceed short - term rates the Federal Reserve is following a tight monetary policy the Federal...

Two cars in perfectly inelastic collision 1.0p 6 A drunken driver crashes his car into a parked car that has its brakes set. The two cars move off together (perfectly inelastic collision) for 6.00 m....

After Column and Data Types have been set in the Mining Structure, what is the next step?

What needs to occur after any Structural or Variable setting change in SSAS Mining Structures?

For the highest GS Pay Grade Group (1115) in the Federal Government, what are the chances of Females being included? Do Females have longer service statistics in that Group?