Results 1 to 5 of 5

Thread: SQL Injection

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

July 22nd, 2006, 02:28 AM #5
nebulus200

View Profile

View Forum Posts

Visit Homepage
Jaded Network Admin

Join Date

Jun 2002

Posts

1,356
Well, if that really is the code, this isn't the case, but there are functions in PHP to help prevent these kind of attacks, IIRC, mysql_real_escape_string(). You might could try altering it a bit instead of using ' use maybe %27 or double unicode enocde? Probably won't work, but regardless, the point of SQL Injection is to add/modify the SQL query, so start thinking about what query you have out there and how you could alter it and you will find that it isn't always necessary to have ' to do a SQL Injection...

There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

(Merovingian - Matrix Reloaded)
Reply With Quote

Quick Navigation Newbie Security Questions Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: SQL Injection

Thread Tools

Display

Threaded View

Posting Permissions