oregon Posted December 9, 2008 Share Posted December 9, 2008 i am reading tutorial: http://www.phpfreaks.com/tutorial/php-security/page3 particularly i am on the section of SQL injections, and the sample the writer gives is: INSERT INTO students (name) VALUES ('Robert'); DROP TABLE Students;--') he then states "(Note: PHP does not support stacking queries with all DBMSs. MySQL in particular)". 1) first off, what is stacking queries, and did he have a typo should "in" be "is" in "MySQL in particular"? because it appears that sample would be considered stacking? no? Link to comment https://forums.phpfreaks.com/topic/136224-solved-trying-to-make-some-sense-out-of-an-sql-injection-attack-in-a-tutorial-on-here/ Share on other sites More sharing options...
PFMaBiSmAd Posted December 9, 2008 Share Posted December 9, 2008 The Mysql database supports multiple queries, separated by semi-colons. The php mysql functions do not currently support multiple queries, specifically to prevent sql injection of this type. Some of the php mysqli functions do support multiple queries, separated by semi-colons. Link to comment https://forums.phpfreaks.com/topic/136224-solved-trying-to-make-some-sense-out-of-an-sql-injection-attack-in-a-tutorial-on-here/#findComment-710603 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.