
SQL Injection Prevention System

This project demonstrates what SQL Injection is, how attackers exploit it, and how to prevent it using secure coding techniques.

πŸ” What It Includes

  • Vulnerable login system (for educational purposes)
  • Secure login system using prepared statements
  • SQL Injection detection & logging
  • Input validation
  • Folder structure for clear separation
  • Tested on Ubuntu/WSL using LAMP stack

🧪 Vulnerability Demo

To see the vulnerable system:

  • Go to /vulnerable/index.html
  • Try:
    • Username: admin' --
    • Password: anything
  • You will be logged in without a valid password!

✅ Secure System

To see the secure system:

  • Go to /secure/index.html
  • Try the same SQL injection — it will be blocked
  • The attempt will be logged in logs.txt

🛠 Technologies Used

  • PHP
  • MySQL/MariaDB
  • Apache
  • HTML + Bootstrap
  • Ubuntu on WSL

📂 Folder Structure

```
sqli-project/
├── vulnerable/
│   ├── index.html        # Unsafe login form
│   └── login.php         # Vulnerable to SQLi
├── secure/
│   ├── index.html        # Safe login form
│   └── login_secure.php  # Uses prepared statements
├── logs.txt              # Records SQLi attempts
├── .gitignore
└── README.md
```

🧪 Vulnerable Login Example

Navigate to: http://localhost:8080/sqli-project/vulnerable/index.html

Try:
  • Username: admin' --
  • Password: anything

Expected: Logged in — the password is bypassed due to SQL injection.

✅ Secure Login Example

Navigate to: http://localhost:8080/sqli-project/secure/index.html

Same attempt:
  • Username: admin' --
  • Password: anything

Expected: Login fails, input is logged in logs.txt, and the system is safe.

🚀 How to Run

Clone the project into the Apache document root (the clone creates the sqli-project/ directory, so change into the parent first):

```bash
cd /var/www/html
git clone https://github.com/YOUR_USERNAME/sqli-project.git
```

Ensure your Apache is running on port 8080.

Open browser:

http://localhost:8080/sqli-project/secure/index.html

Security Techniques Used

  • Prepared Statements to prevent query tampering
  • Regex Validation to restrict harmful input
  • Logging for all suspected SQLi attempts
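The three techniques in this list, together with the vulnerable and secure login paths from the two demos above, as an added example (this is not the project's own login.php or login_secure.php). It assumes PHP's pdo_sqlite extension and uses an in-memory database so it runs from the CLI without Apache or MySQL; the logs.txt path and the username character set are assumptions:

```php
<?php
// Added example, not the project's own vulnerable/login.php or secure/login_secure.php.
// Uses an in-memory SQLite database through PDO (assumes the pdo_sqlite extension) so it
// runs without Apache or MySQL; the SQL shapes are the same as with MySQL/MariaDB.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES ('admin', 'correct-horse')"); // constructed row; plaintext only for the demo

// Vulnerable pattern: the form fields are spliced into the SQL text, so the quote and
// the "--" comment in the username change the structure of the query itself.
function vulnerableLogin(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT 1 FROM users WHERE username = '$user' AND password = '$pass'";
    return $db->query($sql)->fetchColumn() !== false;
}

// Secure pattern: placeholders keep the values out of the SQL grammar entirely,
// so "admin' --" is compared as a literal username and simply does not match.
function secureLogin(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$user, $pass]);
    return $stmt->fetchColumn() !== false;
}

// Validation layer: anything outside a conservative username character set
// (assumed here) is treated as a suspected SQLi attempt.
function looksLikeSqli(string $input): bool
{
    return preg_match('/^[A-Za-z0-9_.-]{1,32}$/', $input) !== 1;
}

// Logging layer: append the raw input (JSON-encoded so newlines cannot forge log lines).
function logAttempt(string $logFile, string $user): void
{
    $line = date('c') . ' suspected SQLi, username=' . json_encode($user) . PHP_EOL;
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
}

$user = "admin' --"; // the payload from the demo steps
$pass = 'anything';
if (looksLikeSqli($user)) {
    logAttempt(__DIR__ . '/logs.txt', $user); // logs.txt location is an assumption
}
var_dump(vulnerableLogin($db, $user, $pass));
var_dump(secureLogin($db, $user, $pass));
```

Run it with `php sqli_demo.php`: the concatenated query accepts the payload while the prepared statement rejects it, and the attempt is appended to logs.txt, matching the two demos above.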

🧠 What I Learned

  • How SQL injection works from the ground up
  • How to break a system and secure it again
  • How to build cybersecurity projects for GitHub + blog
  • Why simple code structure helps with learning and sharing

📖 Blog Post

Read the full blog post: How I Broke and Fixed My Own Login System to Learn SQL Injection

📄 License

MIT License — use for personal or educational projects.

🤝 Contributing

Pull requests are welcome — especially for extra validation layers, logging improvements, or UI enhancements.

⚠️ Disclaimer

This project is for educational purposes only. Never deploy the vulnerable version publicly. Always secure your database queries.