How to Login to Any Account on an Insecure Site
12-14-2008, 09:46 PM
Join Date: Sep 2007
First off, this thread is over a year old. It belongs in a new thread; please read the dates before posting.
Second, that technique will not work and it strips functionality.
To inject anything, you just have to separate it by a removed character, this:
Thus opening it to attack.
It also takes out characters that could be used for legit purposes. Escaping them is how it should be done and mysql_real_escape_string() does this just fine (I see no real use for sprintf, it seems like adding another layer of processes with no advantage).
The Following User Says Thank You to Village Idiot For This Useful Post:
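An added example, not part of the original post: a constructed strip-style filter (hypothetical, since the filter the post replies to is not shown on this page) next to a bound-parameter query, showing both objections raised above. Python's `sqlite3` parameter binding stands in here for the escaping the post recommends; the sample inputs are constructed.

```python
import re
import sqlite3

# Hypothetical filter (an assumption, not the code the post is replying to):
# remove SQL keywords first, then remove "dangerous" characters.
KEYWORDS = re.compile(r"\b(union|select)\b", re.IGNORECASE)
STRIPPED_CHARS = "'\";"


def strip_filter(value: str) -> str:
    """Single-pass blacklist: keyword removal followed by character removal."""
    value = KEYWORDS.sub("", value)
    return value.translate(str.maketrans("", "", STRIPPED_CHARS))


def store_and_fetch(name: str) -> str:
    """Round-trip a value through bound parameters; the driver does the quoting."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.execute("INSERT INTO users (name) VALUES (?)", (name,))
    (stored,) = db.execute(
        "SELECT name FROM users WHERE name = ?", (name,)
    ).fetchone()
    db.close()
    return stored


if __name__ == "__main__":
    legit = "O'Brien"          # constructed: an ordinary surname with a quote
    split = "UN'ION SEL'ECT"   # constructed: keywords split by a stripped char

    # Objection 1: the filter damages legitimate data.
    print(repr(strip_filter(legit)))        # quote is gone, name is altered

    # Objection 2: the keyword check sees no whole keyword, then the character
    # pass removes the separator and the keywords reappear in the output.
    print(repr(strip_filter(split)))

    # Bound parameters keep both values intact and treat them purely as data.
    print(repr(store_and_fetch(legit)))
    print(repr(store_and_fetch(split)))
```
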