[SOLVED] trying to make some sense out of an SQL injection attack in a tutorial on here

[oregon]

i am reading tutorial:

http://www.phpfreaks.com/tutorial/php-security/page3

 

particularly i am on the section of SQL injections, and the sample the writer gives is:

 

INSERT INTO students (name) VALUES ('Robert'); DROP TABLE Students;--') 

 

he then states "(Note: PHP does not support stacking queries with all DBMSs. MySQL in particular)".

 

1) first off, what is stacking queries, and did he have a typo should "in" be "is" in "MySQL in particular"? because it appears that sample would be considered stacking? no?

[PFMaBiSmAd]

The Mysql database supports multiple queries, separated by semi-colons. The php mysql functions do not currently support multiple queries, specifically to prevent sql injection of this type. Some of the php mysqli functions do support multiple queries, separated by semi-colons.