SQL Injection and mysql_real_escape_string
05-01-2008, 08:37 PM
Join Date: Nov 2007
Originally Posted by
I haven't tried it, but I think you can make a SQL injection even using mysql_real_escape_string(). (I don't know if mysql_real_escape_string() removes spaces or not.)
"SELECT * FROM user WHERE id = $id"
What if $id has this?
$id = "99999 OR id > 0";
This should list all the users. The problem there is that $id is not between ', so the attacker doesn't have to write '. But the problem is the spaces; if they are removed, everything will be fine.
Since it is an integer, cast it as one. Don't try to use it as a string.
"99999 OR id > 0"
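The following is an added example, not code from either poster, that runs the scenario above end to end: a simplified re-implementation of what mysql_real_escape_string() escapes (backslash-escaping of quotes, backslashes and a few control characters; it never touches spaces), the vulnerable unquoted interpolation from the quoted post, the integer cast wGEric recommends (written to behave like PHP's (int) cast, which keeps the leading digits of "99999 OR id > 0"), and a bound parameter as the general fix. sqlite3 stands in for MySQL so it runs offline; the table contents are constructed sample data.

```python
import re
import sqlite3

# Constructed sample rows standing in for the `user` table in the post.
SAMPLE_USERS = [(1, "alice"), (2, "bob"), (99999, "carol")]


def make_db():
    """Fresh in-memory database with the sample `user` table (sqlite3 as a MySQL stand-in)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?)", SAMPLE_USERS)
    return conn


def escape_string(value):
    """Simplified stand-in for mysql_real_escape_string() (assumption: not the PHP
    function itself). It backslash-escapes NUL, \\n, \\r, \\, ', " and ^Z and leaves
    every other character, spaces included, exactly as it was."""
    table = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
             "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
    return "".join(table.get(ch, ch) for ch in value)


def php_int_cast(value):
    """Mimics PHP's (int) cast on a string: leading optional sign and digits are
    kept, anything else yields 0. '99999 OR id > 0' therefore becomes 99999."""
    m = re.match(r"\s*([-+]?\d+)", value)
    return int(m.group(1)) if m else 0


def lookup_unquoted_escaped(raw_id):
    """Vulnerable: the value is escaped but interpolated without quotes, as in the
    quoted post. Escaping only protects a value that sits inside quotes, so the
    attacker never needs a quote and the OR clause survives intact."""
    conn = make_db()
    sql = "SELECT * FROM user WHERE id = %s" % escape_string(raw_id)
    return conn.execute(sql).fetchall()


def lookup_cast_int(raw_id):
    """wGEric's fix: cast to an integer before the value touches the query.
    Whatever followed the digits is discarded, so only one id can be selected."""
    conn = make_db()
    sql = "SELECT * FROM user WHERE id = %d" % php_int_cast(raw_id)
    return conn.execute(sql).fetchall()


def lookup_parameterized(raw_id):
    """General fix: a bound parameter. The value is sent separately from the SQL
    text and is never parsed as SQL, so the OR clause is just a non-matching string."""
    conn = make_db()
    return conn.execute("SELECT * FROM user WHERE id = ?", (raw_id,)).fetchall()


if __name__ == "__main__":
    attack = "99999 OR id > 0"
    print("escaped value  :", repr(escape_string(attack)))
    print("unquoted/escaped:", lookup_unquoted_escaped(attack))
    print("(int) cast      :", lookup_cast_int(attack))
    print("bound parameter :", lookup_parameterized(attack))
```

Running it shows the three outcomes side by side: the escaped-but-unquoted query returns every row, the cast returns only the row for id 99999, and the bound parameter returns nothing because the string does not equal any integer id. Note that the cast silently turns "abc" into 0 rather than rejecting it; if the id must exist, check the cast value (or use a bound parameter and validate separately).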