AbydosGater Posted December 9, 2006 Share Posted December 9, 2006 Hi, i have been working on my new site version for some time..And today i was testing its security and found some minor flaws within the code for mysql updates and delete using the GET form method and realised that with simply adding ' or 1=1 to the end of the get the query took affect on all records in the database..This has since been fixed with POST ;)But i was wondering for certain things ie: a login form... is it posible that an iinjection would take place on a SELECT query?Thanks Link to comment https://forums.phpfreaks.com/topic/30071-sql-injection-questions/ Share on other sites More sharing options...
fert Posted December 9, 2006 Share Posted December 9, 2006 it is possible to do a sql injection in a select statement. Link to comment https://forums.phpfreaks.com/topic/30071-sql-injection-questions/#findComment-138233 Share on other sites More sharing options...
AbydosGater Posted December 9, 2006 Author Share Posted December 9, 2006 May i ask how? i have tryed it within my login script but it seams to be holding up, but i want to make sure the rest of my site is secure Link to comment https://forums.phpfreaks.com/topic/30071-sql-injection-questions/#findComment-138234 Share on other sites More sharing options...
drifter Posted December 9, 2006 Share Posted December 9, 2006 well maybe they could....or 1-1; Delete from table;I am not a hacker... just a guess.Good thread though, got me thinking. Link to comment https://forums.phpfreaks.com/topic/30071-sql-injection-questions/#findComment-138235 Share on other sites More sharing options...
drifter Posted December 9, 2006 Share Posted December 9, 2006 interesting articlehttp://www.governmentsecurity.org/articles/SQLInjectionModesofAttackDefenceandWhyItMatters.php Link to comment https://forums.phpfreaks.com/topic/30071-sql-injection-questions/#findComment-138240 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.