我的网站容易受到sql注入吗? (PHP新手)

I'm new to php for about a month and I decide to create my own website. Situation: My mysql server store user as md5 and password as md5. And a captcha on the login page

Let's have a look at my code

<?php
session_destroy();
$usermod=md5($_POST["user"]);
$passmod= md5($_POST["pass"]);
if(file_get_contents("http://www.opencaptcha.com/validate.php?ans=".$_POST['code']."&img=".$_POST['img'])=='pass')
{
$con=mysqli_connect("hidden","hidden","hidden","hidden");
// Check connection
if (mysqli_connect_errno())
 {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result2 = mysqli_query($con,"SELECT * FROM Users
WHERE Username_login='$usermod'");
if($row2 = mysqli_fetch_array($result2))
{
$result = mysqli_query($con,"SELECT * FROM Users
WHERE Username_login='$usermod' AND Password='$passmod'");
if($row = mysqli_fetch_array($result))
{
echo "Thank you for logging in: ".$row['FirstName']." as ".$row['Username'];
session_start();
$_SESSION['user'] = $row['Username'];
$_SESSION['email'] = $row['Email_start']."@".$row['Email_domain'];
$_SESSION['name'] = $row['FirstName']." ".$row['LastName'];
header("Location: http://mspb.tk/login/welcome.php");
}
else
{
header("Location: http://mspb.tk/login/login.php?login=failed");
}}
else
{
header("Location: http://mspb.tk/login/login.php?username=failed");
}
}
else {
header("LOCATION:http://www.mspb.tk/login/login.php?opencaptcha=failed");
}
?>

That's it if anyone spot an sql injection and tell me I would be very happy :) Thank you very much Poom

No, it's not vulnerable to SQL injection, however...

There are a bunch of other security-related issues to note:

  1. You are using MD5 to store passwords. MD5 is known to be weak and inexpensive to crack, and you should use PHP's password_hash function instead. If you're unable to use PHP 5.5 due to using shared hosting etc. look up crypt with CRYPT_BLOWFISH & generating random salts.
  2. You are not salting passwords. By using a salt (a random string generated for each user record stored alongside the password in the database), you can make it far more difficult for a cracker to break the hashes in your database as even two identical passwords will produce different hashes. You also remove the rainbow table attack vector. If you use password_hash, this is done for you.
  3. You appear to be using MD5 to store usernames, there is no reason to do this just to avoid SQL injection, learn to use prepared statements instead as later functions (like search, for example) will require you to submit plaintext parameters for comparison against plaintext.
  4. It looks like you've just dumped your hostname and MySQL username/password on StackOverflow. I'd suggest changing those on your live site immediately as someone could have copy/pasted them before you hid them.

No. Since you are md5'ing the only 2 _POST variables you're inserting into the query, you'll be fine. md5 always returns the hash as a 32-character hexadecimal number no matter what the input.

Start by removing:

AND Password='$passmod'

I read that removing this makes it less vulnerable!

And Of course, md5() is supposed to NOT be used anymore these days, because they are too easy to bypass, with rainbow tables. Unfortunately I can't help you with the encryption process, I need some answers regarding these too(new as well :P)

So the best thing it to:

SELECT * from table where username=$username

After that you compare the $password the user entered with the password for that username/

It involves using mysqli_fetch_array($result, MYSQL_ASSOC), where $result is a variable to your mysqli_query.