WebApp Sec
mailing list archives
Re: SQL injection and PHP/MYSQL
From: Bill Pennington <billp () boarder org>
Date: Tue, 9 Sep 2003 12:55:51 -0700
One of the main hurdles to overcome with MySQL SQL injection is that
current production versions of MySQL (4.0.x and below) do not support
subselects. So injecting "UNION ALL SELECTS..." etc generally will not
work. You can still use ' OR 1=1 type injections though.
The current alpha 4.1 of MySQL does support subselects so I think there
are going to be a few more SQL Injection issues with MySQL once people
start using the 4.1 code.
I don't know PHP that well so I can't comment on it.
On Tuesday, September 9, 2003, at 12:04 PM, Robert Buljevic wrote:
I'm well aware of the sql injection problem when accepting non-trusted data.
However, I'm interested in a more concrete example, precisely the PHP/MySQL combination.
Suppose I have some input text that's passed to mysql for searching via http get request.
What characters should I allow/disallow?
And is it enough to use PHP's addslashes function? If not, why? Could you provide any example of input that could cause injection even if it's slashed - always referring to the particular case of PHP/MYSQL?
Any info would be appreciated... Thanks!
Robert Buljevic
---
Bill Pennington, CISSP, CCNA
Chief Technology Officer
WhiteHat Security Inc.
http://www.whitehatsec.com
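Added example, not part of the original thread: the search-over-GET case from the question, with the "' OR 1=1" type input from the reply run against a concatenated query and against a bound parameter. Assumptions: an in-memory SQLite database stands in for MySQL so it runs without a server, and the table, rows and function names are constructed for illustration.

```php
<?php
// Constructed sample data. SQLite in-memory is a stand-in for MySQL (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)");
$db->exec("INSERT INTO articles (title, published) VALUES
    ('Firewall basics', 1), ('Draft: incident notes', 0), ('Patch schedule', 1)");

// 'Before': the search term becomes part of the SQL text, so a quote in the
// input closes the string literal and the remainder is parsed as SQL.
function search_concat(PDO $db, string $term): array
{
    $sql = "SELECT title FROM articles "
         . "WHERE published = 1 AND title LIKE '%" . $term . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 'After': the SQL text is fixed and the term travels as a bound value,
// so it can only ever be compared as data.
function search_bound(PDO $db, string $term): array
{
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $like = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare(
        "SELECT title FROM articles "
      . "WHERE published = 1 AND title LIKE ? ESCAPE '!'"
    );
    $stmt->execute([$like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In a web page $term would come from $_GET; here both inputs are constructed.
$inputs = [
    'ordinary search' => 'Patch',
    'quote + OR 1=1'  => "' OR 1=1 -- ",
];

foreach ($inputs as $label => $term) {
    printf(
        "%-16s concat: %d row(s)   bound: %d row(s)\n",
        $label,
        count(search_concat($db, $term)),
        count(search_bound($db, $term))
    );
}
```

With the second input the concatenated query's `published = 1` filter no longer constrains the result, while the bound query treats the whole string as a title to search for.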