SQL Injection and mysql_real_escape_string
05-01-2008, 02:20 PM
I haven't tried it, but I think you can make an SQL injection even when using mysql_real_escape_string(). (I don't know whether mysql_real_escape_string() removes spaces or not.)
"SELECT * FROM user WHERE id = $id"
What if $id has this?
$id = "99999 OR id > 0";
This should list all the users. The problem there is that $id is not between ', so the attacker doesn't have to write '. But the problem is the spaces; if they are removed, everything will be fine.
Posted by freenity
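An added example, not part of the original post: the unquoted numeric query from the post, run against an in-memory SQLite table in Python, next to two hardened forms. `escape_like_mysql` is a hypothetical stand-in that backslash-escapes the characters documented for mysql_real_escape_string() (NUL, newline, carriage return, backslash, both quote characters, Ctrl-Z); the table contents are constructed sample data.

```python
import sqlite3

# Characters that mysql_real_escape_string() backslash-escapes.
# Spaces and SQL keywords are not in the set, so they pass through unchanged.
_ESCAPES = {"\\": "\\\\", "\x00": "\\0", "\n": "\\n", "\r": "\\r",
            "'": "\\'", '"': '\\"', "\x1a": "\\Z"}

def escape_like_mysql(value: str) -> str:
    """Hypothetical stand-in for mysql_real_escape_string()."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users in an in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def lookup_escaped_unquoted(db, raw_id: str):
    """The pattern from the post: escaped, but interpolated without quotes."""
    sql = "SELECT * FROM user WHERE id = " + escape_like_mysql(raw_id)
    return db.execute(sql).fetchall()

def lookup_bound(db, raw_id: str):
    """Hardened: the value is bound as data and never parsed as SQL."""
    return db.execute("SELECT * FROM user WHERE id = ?", (raw_id,)).fetchall()

def lookup_validated(db, raw_id: str):
    """Hardened alternative: accept only a decimal integer, then bind it."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a decimal integer")
    return db.execute("SELECT * FROM user WHERE id = ?",
                      (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    value = "99999 OR id > 0"                   # the value from the post
    print(escape_like_mysql(value))             # nothing to escape
    print(lookup_escaped_unquoted(db, value))   # condition is parsed as SQL
    print(lookup_bound(db, value))              # treated as one data value
```

Escaping only protects a value that sits inside a quoted string literal; for a numeric column the fix is a bound parameter or a strict integer check.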