Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?
Sign Up

Browse
- Forums
- Staff
- Leaderboard
- Guidelines
- Terms of Service
- More
Activity
- All Activity
- Search
- More
Join our Discord!
More
- More

PHP Coding Help

SQL Injection

forumnz

By forumnz
June 1, 2009 in PHP Coding Help

Start new topic

Recommended Posts

forumnz

Advanced Member

forumnz

Posted June 1, 2009

- Share

Posted June 1, 2009

Hi I'm trying to perform an SQL injection on some code I'm writing (just for fun, to see how it works).

I have written this line to gather some DB info.. what could I do to the input field as a injection?

$sql = mysql_query("SELECT name FROM test WHERE name='".$_POST['name']."'");

Thanks

Link to comment

https://forums.phpfreaks.com/topic/160421-sql-injection/

Share on other sites

Advanced Member

PFMaBiSmAd

Posted June 1, 2009

- Share

Posted June 1, 2009

http://www.php.net/manual/en/security.database.sql-injection.php

Short answer - Supply a closing single-quote to satisfy the SELECT query then add a UNION statement to the query to display anything you want.

Link to comment

https://forums.phpfreaks.com/topic/160421-sql-injection/#findComment-846498

Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

×

Browse
- Back
- Forums
- Staff
- Leaderboard
- Guidelines
- Terms of Service
Activity
- Back
- All Activity
- Search
Join our Discord!

×

Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.