Hi,

I'm testing an application written in PHP to see if it is vulnerable to SQL injections. There is a GET query in which I put hi' to check if it's vulnerable. What I get is an error:
"DB Error: Bad SQL Query: SELECT cat_id, cat_name, cat_parent_id, cat_hits, cat_order, auth_viewcat, auth_viewimage, auth_sendpostcard FROM 4images_categories WHERE cat_name LIKE '%hi'%' ORDER BY cat_order DESC ;
You have an error in your SQL syntax near '' ORDER BY cat_order DESC ' at line 3"
Now I'm not an expert in MySQL, but then again I'm not bad either, but this is a pretty complex query for me. I notice that it encapsulates the query in '%....%'; could this potentially be a problem?
I also noticed that whatever I put in (even -- after the query, which would make it not execute the rest) doesn't work. Could there be some independent function which checks the query?

Any ideas?

Thanks
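The error in the post shows the usual shape of this bug: the search term is pasted between the `'%` and `%'` of the LIKE pattern, so a quote in the input changes the statement itself. The following is an added illustration, not code from the original post or from the 4images project. It uses Python with an in-memory SQLite table as a stand-in for the PHP/MySQL application, with a small constructed category table (the column names `cat_id`, `cat_name`, `cat_order` are borrowed from the query in the error message; the rows are made up). It places the concatenating pattern beside the corrected one, where the wildcards are added in code, the LIKE metacharacters in the input are escaped, and the whole pattern is bound as a single parameter so the database never parses the input as SQL.

```python
import sqlite3


def make_db():
    """Constructed sample table: a stand-in for 4images_categories, not its real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE categories (cat_id INTEGER, cat_name TEXT, cat_order INTEGER)"
    )
    conn.executemany(
        "INSERT INTO categories VALUES (?, ?, ?)",
        [(1, "hiking", 3), (2, "history", 2), (3, "cars", 1)],
    )
    return conn


def search_concat(conn, term):
    """Vulnerable pattern (the shape seen in the posted error): input spliced into the SQL text.

    A quote in `term` terminates the string literal early and the rest of the
    input is parsed as SQL, which is why the posted input produced a syntax error.
    """
    sql = (
        "SELECT cat_id, cat_name FROM categories "
        f"WHERE cat_name LIKE '%{term}%' ORDER BY cat_order DESC"
    )
    return [row[1] for row in conn.execute(sql)]


def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters so the search term is matched literally.

    Binding the parameter stops SQL injection, but % and _ are still wildcards
    *inside* the pattern; escaping them keeps 'a%' from matching everything
    starting with 'a'.
    """
    return (
        term.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def search_bound(conn, term):
    """Hardened pattern: wildcards added in code, whole pattern bound as one parameter."""
    pattern = "%" + escape_like(term) + "%"
    rows = conn.execute(
        "SELECT cat_id, cat_name FROM categories "
        "WHERE cat_name LIKE ? ESCAPE '\\' ORDER BY cat_order DESC",
        (pattern,),
    )
    return [row[1] for row in rows]


def demo(term):
    """Run both variants on the same input; returns (concat_result, bound_result).

    For the concatenating variant a database error is returned as a string
    instead of being raised, so the two behaviours can be compared side by side.
    """
    conn = make_db()
    try:
        concat = search_concat(conn, term)
    except sqlite3.OperationalError as exc:
        concat = f"error: {exc}"
    return concat, search_bound(conn, term)


if __name__ == "__main__":
    for t in ("hi", "hi'", "100%"):
        print(repr(t), "->", demo(t))
```

With the input from the post, `hi'`, the concatenating variant fails with a syntax error just as the application did, while the bound variant simply returns no rows, because no category name contains the literal text `hi'`. In PHP the same fix is a PDO prepared statement with the pattern passed as a bound parameter (`$stmt->execute(['%' . $escaped . '%'])`), rather than building the string with `.`; the `ESCAPE` clause and the escaping helper carry over unchanged to MySQL.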