During the course of my learning PHP and interfacing with MySQL, it has been brought to my attention that with proper URL encoding, a MySQL query can be passed to the server through a function that writes to the current database.

This may seem like common knowledge, already discussed in other forums, but I don't care..

Points about my site:

1) Anyway, on my site, I use session cookies to monitor the validity of a logged-in user. This is checked on every page that is accessed. If this session variable is not there, the user is considered 'logged out' and asked to re-authenticate their login.

2) We were trying to compromise the registration script that I wrote by passing a URL-encoded query to the server by activating a 'fake' request for registration. In the encoded URL there was a trigger to activate the registration function (this had been verified as correct because, uh, I wrote it), and the query string was passed to the server with the correct table names and column variable names. (Also verified, because I told the user who was working on this.)

3) We also verified that the string to the SQL server was queried by a user that has write access to the database.

Now, with all of this done.. the vulnerability failed. My question is why? Yes, I know it sounds like there isn't one there, but all signs point to it working. The user's login was authenticated, the correct function was accessed, and the URL was passing the correct variables to the script. We just couldn't get it to write to the server.

If anyone has ideas on why this won't work, or what we may be doing wrong, please post so that I can correct the code.

Thanks.. I guess..
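An added example, not the poster's script (the post does not show it): a registration handler in the shape the post describes, with the session check first and the INSERT done through PDO prepared statements, run against an in-memory SQLite database so it works offline. The `users` table, its `username`/`email` columns, the `user_id` session flag and the query string are all constructed for the demonstration; the post does not name them. It shows what a URL-decoded value containing a quote and a statement terminator becomes when it is bound rather than concatenated into the SQL: a stored string, not executed SQL.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's script. Stands in for the registration
// handler described in the post: session check first, then an INSERT whose
// values are bound with PDO prepared statements so URL-decoded input stays
// data. Assumptions (not from the post): a `users` table with `username`
// and `email` columns, an in-memory SQLite database in place of MySQL, and
// a session flag named $_SESSION['user_id'].

function connect(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed schema; the post does not show its real table layout.
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT NOT NULL)');
    return $db;
}

/** The per-page check the post describes: without the session flag, no access. */
function requireLogin(array $session): void
{
    if (empty($session['user_id'])) {
        throw new RuntimeException('not logged in; re-authenticate');
    }
}

/** Registers a user. Every value is a bound parameter, never concatenated SQL. */
function register(PDO $db, array $params): int
{
    $username = trim((string)($params['username'] ?? ''));
    $email    = (string)($params['email'] ?? '');
    if ($username === '' || strlen($username) > 64) {
        throw new InvalidArgumentException('bad username');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('bad email');
    }
    $stmt = $db->prepare('INSERT INTO users (username, email) VALUES (:u, :e)');
    $stmt->execute([':u' => $username, ':e' => $email]);
    return (int)$db->lastInsertId();
}

/** Reads a row back by id; the id is bound like any other value. */
function findUser(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT username, email FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration. PHP URL-decodes $_GET/$_POST itself; parse_str() does the
// same for a constructed query string whose username carries a quote and a
// statement terminator, the ingredients of the attempt the post describes.
$db = connect();
requireLogin(['user_id' => 42]);                       // constructed, logged-in session
parse_str('username=o%27brien%3B--&email=ob%40example.com', $params);

$id  = register($db, $params);
$row = findUser($db, $id);

// The decoded text is stored verbatim as a username; no second statement ran,
// and the table holds exactly the one row the handler inserted.
printf("stored username: %s\n", $row['username']);
printf("rows in users:   %d\n", (int)$db->query('SELECT COUNT(*) FROM users')->fetchColumn());
```

Run it with the `php` CLI on a build that includes `pdo_sqlite`; swapping the DSN for a MySQL one runs the same handler against the real database. Whether the original script is safe depends on how it builds its query, which the post does not show; binding the values, as above, is the property that decides it.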