Jump to content

[SOLVED] trying to make some sense out of an SQL injection attack in a tutorial on here


oregon

Recommended Posts

i am reading tutorial:

http://www.phpfreaks.com/tutorial/php-security/page3

 

particularly i am on the section of SQL injections, and the sample the writer gives is:

 

INSERT INTO students (name) VALUES ('Robert'); DROP TABLE Students;--') 

 

he then states "(Note: PHP does not support stacking queries with all DBMSs. MySQL in particular)".

 

1) first off, what is stacking queries, and did he have a typo should "in" be "is" in "MySQL in particular"? because it appears that sample would be considered stacking? no?

The Mysql database supports multiple queries, separated by semi-colons. The php mysql functions do not currently support multiple queries, specifically to prevent sql injection of this type. Some of the php mysqli functions do support multiple queries, separated by semi-colons.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.