
SQL injection small question


fortnox007


Hi all,

I thought, instead of just simply doing all the security stuff automatically, why not see for myself what it can do.

So I made a simple table besides the other tables named delete_me, made a form and started testing. But for some reason I can get that table to drop.

This is what I did on the front end with help from here: http://en.wikipedia.org/wiki/SQL_injection

In all 3 fields (firstname, lastname, email) I put a value and in the last one I put:

But nothing happened.

If someone knows what I am doing wrong, please tell me, because I think it's vital: in order to protect yourself one needs to know what he or she is up against.

Oh, I wasn't able to edit the stuff I wrote before this; suddenly the site was afk. If I caused it, sorry, I was already sweating. If someone wants to see what I put in, I can make an image and post it elsewhere. Not sure if what I posted caused any trouble. :shrug:


I have this normal query:

$query = "INSERT INTO email_list (first_name, last_name, email)".
                "VALUES('$_firstname', '$_lastname', '$_email')";

I just read MySQL doesn't allow ; to add multiple queries, so I am pretty sure you can't do drop table. At least I just tried everything and I can't.

Also I tried to add fields or something to the query, but everything gets pushed into VALUES ().

I really can't see what damage can be done. It was fun trying though.

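An added example, not part of the original posts: the INSERT from the post above built by concatenation, next to the same INSERT as a PDO prepared statement. It assumes an in-memory SQLite database standing in for the poster's MySQL server, and the function names and sample input are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumption: an in-memory SQLite
// database stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE email_list (first_name TEXT, last_name TEXT, email TEXT)');

// Constructed input: a legitimate surname that contains a quote character.
$input = [
    'first_name' => 'Conor',
    'last_name'  => "O'Brien",
    'email'      => 'conor@example.com',
];

// The thread's pattern: form values concatenated into the SQL text.
function insertConcatenated(PDO $db, array $in): bool
{
    $query = "INSERT INTO email_list (first_name, last_name, email) " .
             "VALUES('{$in['first_name']}', '{$in['last_name']}', '{$in['email']}')";
    try {
        $db->query($query);
        return true;
    } catch (PDOException $e) {
        // The quote closed the string literal early, so the rest of the
        // value was handed to the SQL parser instead of being stored.
        return false;
    }
}

// Hardened form: the SQL text is fixed and the values are bound as data.
function insertPrepared(PDO $db, array $in): bool
{
    $stmt = $db->prepare(
        'INSERT INTO email_list (first_name, last_name, email) ' .
        'VALUES (:first, :last, :email)'
    );
    return $stmt->execute([
        ':first' => $in['first_name'],
        ':last'  => $in['last_name'],
        ':email' => $in['email'],
    ]);
}

var_dump(insertConcatenated($db, $input));
var_dump(insertPrepared($db, $input));
// The bound value is stored byte for byte, quote included.
var_dump($db->query('SELECT last_name FROM email_list')->fetchColumn() === "O'Brien");
```

A driver that refuses stacked statements only limits what a concatenated query can be turned into; binding the values is what keeps form input out of the SQL parser.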
