SQL Injection and mysql_real_escape_string
05-03-2008, 08:21 PM
Probably because I'm not a hacker, nor does your sample script even run to make the attempt on, nor do I have the time. However, after looking at your script, with all the single quotes, and the only other method called is mysql_real_escape_string, I'm going to firmly believe that your scripts are entirely and probably very easily hackable.
The first SQL injection attack I ever read about was something akin to: ' username='admin' --, which makes use of the fact that the script is probably using single quotes, so I hardly see how you believe this to be a form of security.
Posted by delayedinsanity
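Added example, not part of the original post or of the script under discussion: it places the string quoted in the post into a single-quoted SQL value with and without escaping and reports what text ends up outside the string literal, then runs the same lookup with a bound parameter. The users table, the function names and the escaping model (a simplified stand-in for mysql_real_escape_string that ignores connection character set and SQL mode) are assumptions made for illustration.

```python
import sqlite3

# The string quoted in the post above.
PAYLOAD = "' username='admin' --"

# Characters the PHP manual lists as backslash-escaped by
# mysql_real_escape_string(). Simplified model (assumption): the real
# function also depends on the connection character set and SQL mode.
ESCAPES = {"\x00": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
           "'": "\\'", '"': '\\"', "\x1a": "\\Z"}

def escape_model(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def build_query(name, escape):
    """String-built query of the kind the thread is arguing about."""
    value = escape_model(name) if escape else name
    return "SELECT id FROM users WHERE username = '" + value + "'"

def trailing_sql(query):
    """Return the text after the first string literal closes (MySQL-style
    quoting), or None if it never closes. Non-empty means part of the
    input is being parsed as SQL instead of data."""
    i = query.index("'") + 1
    while i < len(query):
        if query[i] == "\\":            # backslash escape: skip next char
            i += 2
            continue
        if query[i] == "'":
            if i + 1 < len(query) and query[i + 1] == "'":
                i += 2                  # doubled quote stays in the literal
                continue
            return query[i + 1:]
        i += 1
    return None

def lookup_bound(name):
    """Same lookup with a bound parameter: the value never touches SQL text."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.execute("INSERT INTO users (username) VALUES ('admin')")
    rows = conn.execute("SELECT id FROM users WHERE username = ?",
                        (name,)).fetchall()
    conn.close()
    return rows

if __name__ == "__main__":
    for escape in (False, True):
        q = build_query(PAYLOAD, escape)
        print("escape=%s leaves outside the literal: %r" % (escape, trailing_sql(q)))
    print("bound parameter rows:", lookup_bound(PAYLOAD))
```

The bound-parameter form does not depend on quoting rules at all, which is why it is the usual recommendation over string building plus escaping.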