10-20-2008, 03:46 AM
ro8in
Confirmed User
Join Date: Sep 2006
Posts: 1,542
Just make sure your scripts filter any ' from the user input and you'll be safe.

Because basically if your script makes queries like

SELECT * FROM `users` WHERE `userid` = '$_GET[userid]'

then I could inject by adding a ' to the ?userid=

So let's say I add ?userid=22'; DELETE * FROM `users` WHERE userid LIKE '%

I can make your query look like

SELECT * FROM `users` WHERE `userid` = '22'; DELETE * FROM `users` WHERE userid LIKE '%'
__________________
------
Of course it's a dude posting here. Probably a fut ugly one too. Fuck still people falling for this 100 year old trick
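The query from the post built two ways, as an added example that is not part of the original post: string interpolation as shown above, and a bound parameter combined with integer validation of the userid. It uses PHP's PDO with an in-memory SQLite database standing in for the poster's MySQL; the table contents and the function names buildQueryConcat, findUser and parseUserId are constructed for illustration.

```php
<?php
// Added example with constructed data; SQLite in memory stands in for MySQL.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users VALUES (22, 'alice'), (23, 'bob')");

// The pattern from the post: user input becomes part of the SQL text itself.
function buildQueryConcat(string $userid): string
{
    return "SELECT * FROM `users` WHERE `userid` = '$userid'";
}

// Bound parameter: the SQL text is fixed and the input travels as a value,
// so a quote in the input cannot end the string literal or start a statement.
function findUser(PDO $pdo, string $userid): ?array
{
    $stmt = $pdo->prepare('SELECT userid, name FROM users WHERE userid = :id');
    $stmt->execute([':id' => $userid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Allow-list validation: a userid is a positive integer or it is rejected.
function parseUserId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The ?userid= value quoted in the post.
$input = "22'; DELETE * FROM `users` WHERE userid LIKE '%";

echo buildQueryConcat($input), "\n";   // the text the database would receive
var_dump(parseUserId($input));         // validation result for the post's input
var_dump(findUser($pdo, $input));      // bound lookup with the post's input
var_dump(findUser($pdo, '22'));        // bound lookup with an ordinary id
echo $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), " rows in users\n";
```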