fortnox007 Posted September 22, 2010

Hi all, I thought instead of just simply doing all the security stuff automatically, why not see for myself what it can do. So I made a simple table besides the other tables named delete_me, made a form and started testing. But for some reason I can get that table to drop. This is what I did on the front end with help from here: http://en.wikipedia.org/wiki/SQL_injection

In all 3 fields (firstname, lastname, email) I put a value and in the last one I put: but nothing happened. If someone knows what I am doing wrong please tell me, because I think it's vital: in order to protect yourself, one needs to know what he or she is up against.

fortnox007 (Author) Posted September 22, 2010

Oh, I wasn't able to edit the stuff I wrote before this; suddenly the site was afk. If I caused it, sorry, I was already sweating. If someone wants to see what I put in, I can make an image and post it elsewhere. Not sure if what I posted caused any trouble.

fortnox007 (Author) Posted September 23, 2010

I have this normal query:

$query = "INSERT INTO email_list (first_name, last_name, email)".
"VALUES('$_firstname', '$_lastname', '$_email')";

I just read MySQL doesn't allow ; to add multiple queries, so I am pretty sure you can't do drop table. At least I just tried everything and I can't. Also, I tried to add fields or something to the query, but everything gets pushed into VALUES (). I really can't see what damage can be done. It was fun trying though.

fortnox007 (Author) Posted September 23, 2010

Never mind, I found it out. It took me loads of time, but I now know how to do it :) The keyword in the whole process is Union.
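
The INSERT posted on September 23, set beside a prepared-statement version, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for MySQL; the function names and the sample form values are constructed for illustration.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database stands in
// for MySQL so the script runs offline; the table mirrors email_list.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE email_list (first_name TEXT, last_name TEXT, email TEXT)');

// Form of the query in the thread: form values are pasted into the SQL text.
function insert_interpolated(PDO $pdo, string $first, string $last, string $email): void
{
    $query = "INSERT INTO email_list (first_name, last_name, email) " .
             "VALUES('$first', '$last', '$email')";
    $pdo->query($query);
}

// Hardened form: fixed SQL text, values bound as data by the driver.
function insert_prepared(PDO $pdo, string $first, string $last, string $email): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO email_list (first_name, last_name, email) VALUES (?, ?, ?)'
    );
    $stmt->execute([$first, $last, $email]);
}

// Constructed sample submissions (first name, last name, email).
$submissions = [
    ['Pat', "O'Brien", 'pat@example.com'],          // ordinary name containing a quote
    ["a', 'b', 'c') --", 'Smith', 's@example.com'], // quote ends the first value early
];

foreach ($submissions as [$first, $last, $email]) {
    try {
        insert_interpolated($pdo, $first, $last, $email);
    } catch (PDOException $e) {
        echo "interpolated INSERT failed: ", $e->getMessage(), "\n";
    }
    insert_prepared($pdo, $first, $last, $email);
}

// Show what ended up in each column of each stored row.
foreach ($pdo->query('SELECT * FROM email_list')->fetchAll(PDO::FETCH_NUM) as $row) {
    echo implode(' | ', $row), "\n";
}
```

With the prepared statement each submitted string lands in its own column exactly as typed, while the interpolated query either fails to parse or stores values the submitter's first field dictated for all three columns.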