Mugeha/sql_injection_prevention_system

SQL Injection Prevention System

This project demonstrates what SQL Injection is, how attackers exploit it, and how to prevent it using secure coding techniques.

🔐 What It Includes

  • Vulnerable login system (for educational purposes)
  • Secure login system using prepared statements
  • SQL Injection detection & logging
  • Input validation
  • Folder structure for clear separation
  • Tested on Ubuntu/WSL using LAMP stack

🧪 Vulnerability Demo

To see the vulnerable system:

  • Go to /vulnerable/index.html
  • Try:
    • Username: admin' --
    • Password: anything
  • You will be logged in without a valid password!

✅ Secure System

To see the secure system:

  • Go to /secure/index.html
  • Try the same SQL injection — it will be blocked
  • The attempt will be logged in logs.txt

🛠 Technologies Used

  • PHP
  • MySQL/MariaDB
  • Apache
  • HTML + Bootstrap
  • Ubuntu on WSL

📂 Folder Structure

sqli-project/
├── vulnerable/
│   ├── index.html          # Unsafe login form
│   └── login.php           # Vulnerable to SQLi
├── secure/
│   ├── index.html          # Safe login form
│   └── login_secure.php    # Uses prepared statements
├── logs.txt                # Records SQLi attempts
├── .gitignore
└── README.md

🧪 Vulnerable Login Example

Navigate to: http://localhost:8080/sqli-project/vulnerable/index.html

Try:

  • Username: admin' --
  • Password: anything

Expected: Logged in — the password is bypassed due to SQL injection.

✅ Secure Login Example

Navigate to: http://localhost:8080/sqli-project/secure/index.html

Same attempt:

  • Username: admin' --
  • Password: anything

Expected: Login fails, input is logged in logs.txt, and the system is safe.

🚀 How to Run

cd /var/www/html
git clone https://github.com/YOUR_USERNAME/sqli-project.git

Ensure Apache is running on port 8080.

Open your browser at:

http://localhost:8080/sqli-project/secure/index.html

Security Techniques Used

  • Prepared Statements to prevent query tampering
  • Regex Validation to restrict harmful input
  • Logging for all suspected SQLi attempts
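
The three techniques above, shown next to the vulnerable pattern, as an added example (not the repository's own login.php or login_secure.php). It assumes PHP with the pdo_sqlite extension; the in-memory SQLite table, the function names, the username allowlist pattern and the temp-directory log path are all constructed for illustration.

```php
<?php
// Constructed demo data: an in-memory SQLite table stands in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Flawed pattern: input is pasted into the SQL text and the password
// check happens inside the query, so a quote plus "--" removes it.
function login_vulnerable(PDO $db, string $user, string $pass): bool {
    $sql = "SELECT username FROM users "
         . "WHERE username = '$user' AND password_hash = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: allowlist validation, logging of rejects,
// a bound parameter, and password verification outside the query.
function login_secure(PDO $db, string $user, string $pass, string $log): bool {
    // Assumed allowlist; adjust to the usernames the application really permits.
    if (!preg_match('/^[A-Za-z0-9_.-]{1,32}$/', $user)) {
        // json_encode escapes quotes and newlines so the input cannot forge log lines.
        $line = date('c') . ' rejected username: ' . json_encode($user) . "\n";
        file_put_contents($log, $line, FILE_APPEND | LOCK_EX);
        return false;
    }
    // The value is sent separately from the SQL text, so it is never parsed as SQL.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Hypothetical log location standing in for the project's logs.txt.
$log = sys_get_temp_dir() . '/sqli_demo_logs.txt';

echo 'vulnerable, injected input: ';
var_dump(login_vulnerable($db, "admin' --", 'anything'));
echo 'secure, injected input:     ';
var_dump(login_secure($db, "admin' --", 'anything', $log));
echo 'secure, valid credentials:  ';
var_dump(login_secure($db, 'admin', 'correct horse', $log));
echo "log file: $log\n";
```

The bound parameter is what actually stops the injection; the allowlist decides what is rejected early and written to the log.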

🧠 What I Learned

  • How SQL injection works from the ground up
  • How to break a system and secure it again
  • How to build cybersecurity projects for GitHub + blog
  • Why simple code structure helps with learning and sharing

📖 Blog Post

Read the full blog post: How I Broke and Fixed My Own Login System to Learn SQL Injection

📄 License

MIT License — use for personal or educational projects.

🤝 Contributing

Pull requests are welcome — especially for extra validation layers, logging improvements, or UI enhancements.

⚠️ Disclaimer

This project is for educational purposes only. Never deploy the vulnerable version publicly. Always secure your database queries.
