Jump to content

[SOLVED] trying to make some sense out of an SQL injection attack in a tutorial on here

oregon

By oregon
in MySQL Help

 Share

Recommended Posts

oregon Newbie

oregon

Posted
Posted

i am reading tutorial:

http://www.phpfreaks.com/tutorial/php-security/page3

 

particularly i am on the section of SQL injections, and the sample the writer gives is:

 

INSERT INTO students (name) VALUES ('Robert'); DROP TABLE Students;--')

 

he then states "(Note: PHP does not support stacking queries with all DBMSs. MySQL in particular)".

 

1) first off, what is stacking queries, and did he have a typo should "in" be "is" in "MySQL in particular"? because it appears that sample would be considered stacking? no?

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

The Mysql database supports multiple queries, separated by semi-colons. The php mysql functions do not currently support multiple queries, specifically to prevent sql injection of this type. Some of the php mysqli functions do support multiple queries, separated by semi-colons.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.