Skip to content

Mugeha/sql_injection_prevention_system

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 

Repository files navigation

SQL Injection Prevention System

This project demonstrates what SQL Injection is, how attackers exploit it, and how to prevent it using secure coding techniques.

🔐 What It Includes

  • Vulnerable login system (for educational purposes)
  • Secure login system using prepared statements
  • SQL Injection detection & logging
  • Input validation
  • Folder structure for clear separation
  • Tested on Ubuntu/WSL using LAMP stack

🧪 Vulnerability Demo

To see the vulnerable system:

  • Go to /vulnerable/index.html
  • Try:
    • Username: admin' --
    • Password: anything
  • You will be logged in without a valid password!

✅ Secure System

To see the secure system:

  • Go to /secure/index.html
  • Try the same SQL injection — it will be blocked
  • The attempt will be logged in logs.txt

🛠 Technologies Used

  • PHP
  • MySQL/MariaDB
  • Apache
  • HTML + Bootstrap
  • Ubuntu on WSL

📂 Folder Structure

sqli-project/ ├── vulnerable/ │ ├── index.html # Unsafe login form │ └── login.php # Vulnerable to SQLi ├── secure/ │ ├── index.html # Safe login form │ └── login_secure.php # Uses prepared statements ├── logs.txt # Records SQLi attempts ├── .gitignore └── README.md

🧪 Vulnerable Login Example

Navigate to: http://localhost:8080/sqli-project/vulnerable/index.html Try: Username: admin' -- Password: anything

Expected: Logged in — the password is bypassed due to SQL injection.

✅ Secure Login Example

Navigate to: http://localhost:8080/sqli-project/secure/index.html

Same attempt: Username: admin' -- Password: anything

Expected: Login fails, input is logged in logs.txt, and the system is safe.

🚀 How to Run

cd /var/www/html/sqli-project
git clone https://github.com/YOUR_USERNAME/sqli-project.git

Ensure your Apache is running on port 8080.

Open browser:

http://localhost:8080/secure/index.html

Security Techniques Used

Prepared Statements to prevent query tampering

Regex Validation to restrict harmful input

Logging for all suspected SQLi attempts

🧠 What I Learned

How SQL injection works from the ground up

How to break a system and secure it again

How to build cybersecurity projects for GitHub + blog

Why simple code structure helps with learning and sharing

📖 Blog Post

Read the full blog post: How I Broke and Fixed My Own Login System to Learn SQL Injection

📄 License

MIT License — use for personal or educational projects.

🤝 Contributing

Pull requests are welcome — especially for extra validation layers, logging improvements, or UI enhancements.

⚠️ Disclaimer

This project is for educational purposes only. Never deploy the vulnerable version publicly. Always secure your database queries.

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors