Jump to content

I've seen enough SQL injections...

zeeman48

By zeeman48
in Miscellaneous

 Share

Recommended Posts

Philip Advanced Member

Philip

Posted
Posted 

@$db = mysqli_connect('localhost', 'root', 'root', 'blog');

$query = "SELECT * FROM entries WHERE title = '".$_GET['query']."';";
$result = mysqli_query($db, $query);

 

If I visited that page via this url:

script.php?query=blah' OR '1

 

That would make query look like this:

$query = "SELECT * FROM entries WHERE title = 'blah' OR '1';";

 

Of course, that's just a super simple example, but you could easily attack other parts of the DB and get user info.

 

KevinM1 Advanced Member

KevinM1

Posted
Posted

No, but it's the most common/simplistic example of why you should always escape any string data that you'll use in a query.  Escaping nullifies the ' characters that Philip used in his example, which would result in a bad query and no results for the attacker to poach.

xylex Newbie

xylex

Posted
Posted

No, but it's the most common/simplistic example of why you should always escape any string data that you'll use in a query.

 

You should always sanitize any data that you use in a query, whether that means escaping or doing something else to sanitize the data.  Escaping won't help you if you're using user data in an unquoted part of the query (unquoted integer in a limit or order by, table name reference, etc).

KevinM1 Advanced Member

KevinM1

Posted
Posted

No, but it's the most common/simplistic example of why you should always escape any string data that you'll use in a query.

 

You should always sanitize any data that you use in a query, whether that means escaping or doing something else to sanitize the data.  Escaping won't help you if you're using user data in an unquoted part of the query (unquoted integer in a limit or order by, table name reference, etc).

 

...obviously.  Since the example/joke is an incoming, unsanitized string, that's what I addressed.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.