GoFuckYourself.com - Adult Webmaster Forum - View Single Post

Klen · 11-03-2011, 07:01 AM

Quote:

Originally Posted by BestXXXPorn

Yes, do not ever do that :P Imagine if the value of $_POST['bla'] was something like...

'; DROP DATABASE 'XXXXX

Byebye data... SQL injection FTL.

Check out http://us.php.net/manual/en/mysqli.r...ape-string.php

Hmm tried to do sql inject with

PHP Code:


			
 '; 'CREATE TABLE hax

(

hack1 varchar(15),

hack2 varchar(15),

)'

and with other combinations of ' and ;
and it doesn't work no matter what.
Only what i noticed is how this causing query not to execute.