Another form of SQL injection — PHP Programming Language

You are here: Another form of SQL injection « PHP Programming Language « IT news, forums, messages

Posted by howachen on 06/14/11 11:49

Hi,

In many web articles, people focusing on SQL injection in the form of :

e.g.
/**********************************************************/
$name = "tom' UNION blah blah blah"
$query = "SELECT * FROM users WHERE name = '".$name."';
/**********************************************************/

However, another form of SQL injection might in the form of...

/**********************************************************/
$name = "1 UNION blah blah blah"
$query = "SELECT * FROM users WHERE id = ".$name;
/**********************************************************/

for case 1, we can easily solved by escaping the special characters
like " ' ", but how to solve for case 2?

Thanks.

Navigation:

Next in forum: Re: Another form of SQL injection
Prev in forum: Re: Optimizing MySQL
Thread view: Another form of SQL injection

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация