andz Posted May 25, 2009

I've got a ready-made script that uses many POST and GET to process requests. I discovered an SQL injection using the URL. It successfully executed this code and returned the MySQL version, which is 4.1.22. Here's the code:

http://example.com/process.php?id=123456 union all select 1, @@version/*

Is there a way to filter the POST and GET to prevent this attack?

trq Posted May 25, 2009

filter.

waynew Posted May 25, 2009

Make sure that what is coming in is a number.

    <?php
    // intval() alone parses only the leading digits, so a value such as
    // "123456 union all select ..." would still pass; require digits only.
    if (!isset($_GET['id']) || !is_string($_GET['id'])
        || !ctype_digit($_GET['id']) || intval($_GET['id']) == 0) {
        header('Location: index.php');
        exit;
    } else {
        $id = intval($_GET['id']); // use $id, not the raw $_GET value, from here on
        // handle url and display page
    }
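The numeric check discussed in this thread, combined with a bound query parameter, as an added example that is not part of any post above. The `items` table, the helper names `parse_id` and `find_item`, and the in-memory SQLite database (standing in for the MySQL server so the script runs offline) are assumptions; it needs PHP 8 with PDO.

```php
<?php
// Added example. Table "items" and both helper functions are hypothetical.
declare(strict_types=1);

/** Return the id as an int only if the whole string is a positive integer. */
function parse_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null;                       // e.g. ?id[]=1 arrives as an array
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one row with a bound parameter; the value never becomes SQL text. */
function find_item(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO items VALUES (123456, 'sample row')");

// Constructed inputs: a normal id, the string from the first post, junk, an array.
$inputs = ['123456', '123456 union all select 1, @@version/*', 'abc', ['1']];

foreach ($inputs as $raw) {
    $label = is_string($raw) ? $raw : 'array';
    $id = parse_id($raw);
    if ($id === null) {
        // Show what a bare intval() check would have let through.
        $loose = is_string($raw) ? intval($raw) : 0;
        printf("%-42s rejected (intval gives %d)\n", $label, $loose);
        continue;
    }
    $row = find_item($db, $id);
    printf("%-42s id=%d -> %s\n", $label, $id, $row['name'] ?? 'not found');
}
```

The second input is rejected by `parse_id` even though `intval` turns it into 123456, and the prepared statement keeps the value out of the SQL text even if validation is skipped somewhere else in the script.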