So I am teaching myself some new security penetration testing stuff and 1 think that I am not good at is SQL injection. So I create a lab environment with a window computer running LAMP. (I know that I should use Linux but our lab didn’t have any test Linux boxes. They are in production)

So I create a MYSql database and web page to try and learn MYSql injections. I am writing the page in PHP because I know it and that looks to be a problem. Every time I send in a character in the login form (something that I made), the entry gets slashes.


‘ = \’
“ = \”
\n = \\n


So on and so forth.

How can I fool PHP with SQL injections. This is for learning only.


Thanks