Reply to Another form of SQL injection


Posted by howachen on 12/13/11 11:49

Hi,

In many web articles, people focus on SQL injection in the form of:


e.g.
/**********************************************************/
$name = "tom' UNION blah blah blah";
$query = "SELECT * FROM users WHERE name = '".$name."'";
/**********************************************************/

However, another form of SQL injection might be in the form of...

/**********************************************************/
$name = "1 UNION blah blah blah";
$query = "SELECT * FROM users WHERE id = ".$name;
/**********************************************************/

For case 1, we can easily solve it by escaping the special characters
like " ' ", but how to solve for case 2?

Thanks.
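
For case 2 in the post above, as an added example that is not part of the original post: the value sits in a numeric context with no surrounding quotes, so quote escaping leaves it untouched, and the usual fix is to validate it as an integer and bind it as a parameter. The in-memory SQLite table, its rows and the function name `findUserById` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the post's `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'tom'), (2, 'ann')");

// Input from case 2 of the post. It contains no quote characters, so quote
// escaping returns it unchanged and concatenating it would still alter the SQL.
$input = '1 UNION blah blah blah';
echo 'escaping changed the input: ',
    addslashes($input) === $input ? 'no' : 'yes', PHP_EOL;

/**
 * Look up a user by id. The value is accepted only if the whole string is a
 * positive integer, and it is then bound as a parameter, never concatenated.
 */
function findUserById(PDO $db, string $raw): ?array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// A valid id, a valid but unknown id, and the input from the post.
foreach (['1', '3', $input] as $candidate) {
    try {
        $row = findUserById($db, $candidate);
        echo $candidate, ' => ', $row === null ? 'no such user' : $row['name'], PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $candidate, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The same prepared-statement pattern also covers case 1, since a bound string parameter needs no manual escaping.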


