Php Sql Injection Concat Query
Description
Detects PHP SQL injection vulnerabilities where user-controlled input is directly concatenated into SQL queries without proper sanitization or parameterization. This can allow attackers to manipulate the query structure and execute malicious SQL commands.
Detection Strategy
• Identifies PHP database query functions or methods that accept SQL strings
• Checks if the SQL query is constructed through string concatenation operations
• Examines whether any concatenated value originates from user input such as $_GET, $_POST, or other request parameters
• Reports a vulnerability when unsanitized user input is directly concatenated into SQL queries
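The following Python sketch is an added illustration of the four steps above, not Fluid Attacks' own implementation: it treats mysqli query calls as sinks, follows variable assignments back to request superglobals, and flags a sink only when the SQL reaches it through string concatenation. The sink list, the regexes and the inline PHP samples (which mirror the page's two snippets) are constructed for this demonstration.

```python
import re

# Toy line-based model of the rule's four steps (constructed here; a real SAST engine uses an AST).
SINK = re.compile(r'(?:\bmysqli_query|->\s*(?:query|multi_query|real_query))\s*\((.*)\)')
ASSIGN = re.compile(r'(\$\w+)\s*=(?!=)\s*(.+?);')          # single-line `$var = expr;`
SOURCE = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')  # user-controlled input
CONCAT = re.compile(r'\.\s*\$\w+|\$\w+\s*\.')             # `.` joining a variable
VAR = re.compile(r'\$(?!_)\w+')                            # plain local variables

def collect_assignments(php):
    """Map each local variable to every expression assigned to it."""
    assigns = {}
    for var, rhs in ASSIGN.findall(php):
        assigns.setdefault(var, []).append(rhs)
    return assigns

def is_tainted(expr, assigns, seen=frozenset()):
    """Step 3: does expr derive, via any chain of assignments, from a superglobal?"""
    if SOURCE.search(expr):
        return True
    return any(is_tainted(rhs, assigns, seen | {v})
               for v in VAR.findall(expr) if v not in seen
               for rhs in assigns.get(v, []))

def built_by_concat(expr, assigns):
    """Step 2: is the SQL argument, or a variable holding it, built with `.`?"""
    return bool(CONCAT.search(expr)) or any(
        CONCAT.search(rhs) for v in VAR.findall(expr) for rhs in assigns.get(v, []))

def find_sql_injection(php):
    """Steps 1 and 4: report (line, sql_expr) for sinks fed by tainted concatenation."""
    assigns = collect_assignments(php)
    findings = []
    for lineno, line in enumerate(php.splitlines(), 1):
        for m in SINK.finditer(line):
            sql = m.group(1)
            if not m.group(0).startswith('->'):   # mysqli_query($link, $sql): SQL is 2nd arg
                sql = re.sub(r'^\$\w+\s*,\s*', '', sql)
            if built_by_concat(sql, assigns) and is_tainted(sql, assigns):
                findings.append((lineno, sql))
    return findings

# Constructed samples mirroring the page's vulnerable and secure snippets.
VULNERABLE = '''$userId = $_GET['user_id'];
$sql = "SELECT * FROM users WHERE id = '" . $userId . "'";
$result = mysqli_query($conn, $sql);'''
SECURE = '''$userId = $_GET['user_id'];
$stmt = $conn->prepare("SELECT * FROM users WHERE id = ?");
$stmt->bind_param("s", $userId);'''
```

Running find_sql_injection(VULNERABLE) reports line 3 with the $sql argument, while the prepared-statement sample yields no finding because no query sink receives concatenated input.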
Vulnerable code example
<?php
$conn = new mysqli("localhost", "user", "password", "database");
// VULNERABLE: Direct concatenation of user input in SQL query
if (isset($_GET['user_id'])) {
    $userId = $_GET['user_id'];
    $sql = "SELECT * FROM users WHERE id = '" . $userId . "'"; // Unsafe: User input directly concatenated
    $result = mysqli_query($conn, $sql);
}
✅ Secure code example
<?php
$conn = new mysqli("localhost", "user", "password", "database");
// Secure: Using prepared statement instead of direct concatenation
if (isset($_GET['user_id'])) {
    $userId = $_GET['user_id'];
    $stmt = $conn->prepare("SELECT * FROM users WHERE id = ?"); // Safe: Uses parameterized query
    $stmt->bind_param("s", $userId);
    $stmt->execute();
    $result = $stmt->get_result(); // Bound value is sent separately from the query text
}