fortnox007 Posted September 22, 2010

Hi all, I thought instead of just simply doing all the security stuff automatically, why not see for myself what it can do. So I made a simple table besides the other tables named delete_me, made a form and started testing. But for some reason I can get that table to drop. This is what I did on the front end with help from here: http://en.wikipedia.org/wiki/SQL_injection

In all 3 fields (firstname, lastname, email) I put a value and in the last one I put: but nothing happened. If someone knows what I am doing wrong please tell me, because I think it's vital: in order to protect yourself one needs to know what he or she is up against.

fortnox007 Posted September 22, 2010

Oh, I wasn't able to edit the stuff I wrote before this, suddenly the site was afk. If I caused it, sorry, I was already sweating. If someone wants to see what I put in I can make an image and post it elsewhere. Not sure if what I posted caused any trouble.

fortnox007 Posted September 23, 2010

I have this normal query:

    $query = "INSERT INTO email_list (first_name, last_name, email)" .
             "VALUES('$_firstname', '$_lastname', '$_email')";

I just read mysql doesn't allow ; to add multiple queries so I am pretty sure you can't do drop table. At least I just tried everything and I can't. Also I tried to add fields or something to the query, but everything gets pushed into VALUES (). I really can't see what damage can be done. It was fun trying though.

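Added example, not part of the thread or any poster's code: the INSERT from the post above built by string interpolation, next to the same insert as a prepared statement. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL server, and the sample name and address are constructed.

```php
<?php
// Added example. PDO with in-memory SQLite is an assumption made so this runs
// offline; the thread itself uses MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE email_list (first_name TEXT, last_name TEXT, email TEXT)');

// Constructed sample input: an ordinary name that happens to contain a quote.
$_firstname = 'Conan';
$_lastname  = "O'Brien";
$_email     = 'conan@example.com';

// 1) The thread's pattern: form values are pasted into the SQL text.
$query = "INSERT INTO email_list (first_name, last_name, email) " .
         "VALUES('$_firstname', '$_lastname', '$_email')";
try {
    $db->exec($query);
    echo "interpolated: inserted\n";
} catch (PDOException $e) {
    // The quote inside the data closed the string literal early, so the
    // parser read the rest of the value as SQL. Data reaching the parser as
    // syntax is the flaw, whether or not stacked queries are allowed.
    echo "interpolated: rejected: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed and the values are bound
//    separately, so a quote in the data is stored as a plain character.
$stmt = $db->prepare(
    'INSERT INTO email_list (first_name, last_name, email) VALUES (?, ?, ?)'
);
$stmt->execute([$_firstname, $_lastname, $_email]);

foreach ($db->query('SELECT * FROM email_list', PDO::FETCH_ASSOC) as $row) {
    echo "stored: ", implode(' | ', $row), "\n";
}
```
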
fortnox007 Posted September 23, 2010

Never mind, I found it out, it took me loads of time but I now know how to do it : ) Keyword in the whole process is Union