|
|
Posted by howachen on 12/07/39 11:49
frizzle wrote:
> howac...@gmail.com wrote:
> > Hi,
> >
> > In many web articles, people focusing on SQL injection in the form of :
> >
> >
> > e.g.
> > /**********************************************************/
> > $name = "tom' UNION blah blah blah"
> > $query = "SELECT * FROM users WHERE name = '".$name."';
> > /**********************************************************/
> >
> > However, another form of SQL injection might in the form of...
> >
> > /**********************************************************/
> > $name = "1 UNION blah blah blah"
> > $query = "SELECT * FROM users WHERE id = ".$name;
> > /**********************************************************/
> >
> > for case 1, we can easily solved by escaping the special characters
> > like " ' ", but how to solve for case 2?
> >
> > Thanks.
>
> I believe it would treat 1 UNION blah blah blah as a string, meaning
> the query would look like
> SELECT * FROM users here id = '1 UNION blah blah blah'
>
> Frizzle.
However, The resulting query is :
SELECT * FROM users WHERE id = 1 UNION blah blah blah
and it worked!
Navigation:
[Reply to this message]
|