Jump to content

mysql_query hack


Caps

Recommended Posts

Is it allowed to have more than one SQL statements (SELECT and DELETE) in one mysql_query() method? Or must you have two mysql_query methods to it?

If the user posts something you want to set into your database, will they could finished the insert statement and execute a drop and delete statement in the same mysql_query method?

Like:
site.php?id = ....
$id = "'; DELETE FROM users WHERE id = 1" //user changed variable
mysql_query("SELECT navn FROM users WHERE id = '$id'")

The above code does not work, but I hope you got the idea of it. Is it possible in any way?
Link to comment
https://forums.phpfreaks.com/topic/22986-mysql_query-hack/
Share on other sites

[quote author=thorpe link=topic=110490.msg446801#msg446801 date=1159985951]
I believe mysql5 may handle multiple queries seperated by colons.[/quote]
As far as I know, there is no difference how mysql_query() behaves depending on the MySQL version. One query is allowed, not more.
Link to comment
https://forums.phpfreaks.com/topic/22986-mysql_query-hack/#findComment-103859
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.