svivian
Posted August 26, 2008

I keep hearing about SQL injection attacks where someone submits '; DROP TABLE x; in a form where the variable will be used as part of a WHERE clause. But the mysql_query() function clearly states that it must have only one query - "multiple queries are not supported". So does this mean SQL injection attacks are not possible, even with unescaped data?

fenway
Posted August 26, 2008

First, that is not the only example of SQL injection. Second, there are other functions that do support multiple queries (or so I am told).

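An added example, not part of the original thread: Python's sqlite3 `execute()` also refuses more than one statement per call, so it stands in for `mysql_query()` here (the analogy, the `users` table and all function names are assumptions made for this illustration). It shows the stacked `DROP TABLE` being rejected while unescaped input still changes the WHERE clause of the single statement, next to the bound-parameter form that prevents it.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db


def lookup_unsafe(db, name):
    # Vulnerable form: unescaped input is concatenated into the SQL text.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, name):
    # Hardened form: the input is bound as a parameter and never parsed as SQL.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def stacked_query_blocked(db, name):
    # True when the single-statement API refuses the extra statement.
    # Older Python versions raise sqlite3.Warning, newer ones ProgrammingError.
    try:
        lookup_unsafe(db, name)
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # The input from the question: rejected, because execute() runs one statement only.
    print("stacked query blocked:", stacked_query_blocked(db, "x'; DROP TABLE users; --"))
    # Still a single statement, but the WHERE clause now matches every row.
    print("unsafe lookup:", lookup_unsafe(db, "' OR '1'='1"))
    # With a bound parameter the same input is just a name that matches nothing.
    print("safe lookup:", lookup_safe(db, "' OR '1'='1"))
```

The single-statement limit only removes one variant; escaping or binding the input is what closes the hole.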
This topic is now archived and is closed to further replies.