zeeman48 Posted July 15, 2011 Share Posted July 15, 2011 That is all. Quote Link to comment Share on other sites More sharing options...
spiderwell Posted July 16, 2011 Share Posted July 16, 2011 nice code snippet, mind if i use it? Quote Link to comment Share on other sites More sharing options...
chaseman Posted July 17, 2011 Share Posted July 17, 2011 I barely see any SQL injections and don't know where this is going, I feel like an outsider and would appreciate if somebody could weigh me in into this insider joke. lol Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted July 17, 2011 Share Posted July 17, 2011 Look at the line starting with: $query = ... And try to figure out what's wrong with it. Quote Link to comment Share on other sites More sharing options...
Philip Posted July 17, 2011 Share Posted July 17, 2011 @$db = mysqli_connect('localhost', 'root', 'root', 'blog'); $query = "SELECT * FROM entries WHERE title = '".$_GET['query']."';"; $result = mysqli_query($db, $query); If I visited that page via this url: script.php?query=blah' OR '1 That would make query look like this: $query = "SELECT * FROM entries WHERE title = 'blah' OR '1';"; Of course, that's just a super simple example, but you could easily attack other parts of the DB and get user info. Quote Link to comment Share on other sites More sharing options...
chaseman Posted July 17, 2011 Share Posted July 17, 2011 Ahh now I'm understanding it, I just had to look a bit deeper into it haha. Are you guys looking out for websites where you can pull those tricks? lol Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted July 17, 2011 Share Posted July 17, 2011 No, but it's the most common/simplistic example of why you should always escape any string data that you'll use in a query. Escaping nullifies the ' characters that Philip used in his example, which would result in a bad query and no results for the attacker to poach. Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted July 17, 2011 Share Posted July 17, 2011 Have a look at this article for tips on writing secure PHP code. Also you might want to check out http://shiflett.org too. Quote Link to comment Share on other sites More sharing options...
xylex Posted July 17, 2011 Share Posted July 17, 2011 No, but it's the most common/simplistic example of why you should always escape any string data that you'll use in a query. You should always sanitize any data that you use in a query, whether that means escaping or doing something else to sanitize the data. Escaping won't help you if you're using user data in an unquoted part of the query (unquoted integer in a limit or order by, table name reference, etc). Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted July 17, 2011 Share Posted July 17, 2011 No, but it's the most common/simplistic example of why you should always escape any string data that you'll use in a query. You should always sanitize any data that you use in a query, whether that means escaping or doing something else to sanitize the data. Escaping won't help you if you're using user data in an unquoted part of the query (unquoted integer in a limit or order by, table name reference, etc). ...obviously. Since the example/joke is an incoming, unsanitized string, that's what I addressed. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.