09-23-2007, 11:55 PM
v0id
Super Moderator
 
Join Date: Apr 2007
Location: Denmark
Posts: 2,572

Pretty good article.
There's a little bug in your SQL injection though. I don't think the SQL injection you came up with would work correctly.
Code:
' OR 1 = '1
As you see, you're comparing an integer (1) with a character/string ('1'). I'm not sure if SQL cares about it or not, but I'd prefer to compare a character/string and a character/string.
Code:
' OR '1' = '1
It was only a little note; besides that, good work!

I actually made a blog post on this topic a while ago, if anyone should be interested.

I'm always up for a chat, so feel free to contact me...

Last edited by v0id; 09-24-2007 at 07:38 AM.
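Added example (not part of v0id's post or of the article it replies to): the two strings from the post fed to a string-concatenated query and to a parameterized one, using Python's built-in sqlite3. The `users` table, its rows and the function names are constructed for this illustration.

```python
import sqlite3

def build_db():
    # Constructed sample data, in-memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def literal_comparison(conn, expr):
    # Evaluate a bare comparison such as 1 = '1' and return 0 or 1.
    return conn.execute("SELECT " + expr).fetchone()[0]

def lookup_concatenated(conn, password):
    # Vulnerable pattern: the input becomes part of the SQL text,
    # so a quote in it changes the structure of the WHERE clause.
    sql = ("SELECT name FROM users WHERE password = '"
           + password + "' ORDER BY name")
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, password):
    # Hardened form: the input is bound as a value and is only ever
    # compared against the password column as a plain string.
    sql = "SELECT name FROM users WHERE password = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (password,))]

if __name__ == "__main__":
    conn = build_db()
    for expr in ("1 = '1'", "'1' = '1'"):
        print(expr, "->", literal_comparison(conn, expr))
    for text in ("' OR 1 = '1", "' OR '1' = '1", "s3cret"):
        print(repr(text),
              "concatenated:", lookup_concatenated(conn, text),
              "parameterized:", lookup_parameterized(conn, text))
```

SQLite does not coerce between an integer literal and a string literal, so `1 = '1'` is false there and only the string-to-string form changes the result of the concatenated query; MySQL converts the string to a number and treats both as true. The parameterized lookup returns no rows for either input.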