Full Disclosure mailing list archives

SQL Injection.


From: GabbarRang () netscape net (Gabbar Sing)
Date: Fri, 19 Aug 2005 23:20:02 -0400

Hi,

We have an internal web application written in PHP, in which the developer has got the following line.

$query = mysql_query("select field1,field2 from table where field1='$field1fromuser';");

and is sending user input to backend using post method.

At first sight I thought it's very much vulnerable to SQL injection, but I am just not able to demonstrate it. When I send the character " ' " it just escapes it before sending the query to the db as " ' ", thus failing my injection.

I had also tried injecting SQL using char but without any luck, as the variable is within single quotes. Hence it did a plain text comparison.

Can anyone shed some light on this, as I am new to SQL injection.

Gabbar.
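
The posted line next to a parameterized version of it, as an added example that is not part of the original post: the line shown does no escaping of its own, so the escaping described has to come from somewhere outside it, while a bound parameter keeps the quote as data regardless. SQLite in memory, the table name `records` and the sample rows are assumptions made so the example runs offline; the post's backend is MySQL.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL backend so this runs offline.
// Table name `records` and its rows are constructed; field1/field2 come from the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE records (field1 TEXT, field2 TEXT)");
$pdo->exec("INSERT INTO records VALUES ('alice', 'row-a'), ('O''Brien', 'row-b')");

// Same shape as the line in the post: user input is interpolated into the SQL text,
// so the input can end the string literal unless something else escapes it first.
function lookup_interpolated(PDO $pdo, string $field1fromuser): array
{
    $sql = "select field1,field2 from records where field1='$field1fromuser';";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed and the value travels as a bound parameter,
// so a quote in the input is always data, whatever the server or PHP configuration.
function lookup_bound(PDO $pdo, string $field1fromuser): array
{
    $stmt = $pdo->prepare("select field1,field2 from records where field1 = :f1");
    $stmt->execute([':f1' => $field1fromuser]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "O'Brien"; // constructed input containing a single quote

try {
    lookup_interpolated($pdo, $input);
    echo "interpolated: query ran\n";
} catch (PDOException $e) {
    // The quote closed the literal early and the rest was parsed as SQL syntax.
    echo "interpolated: rejected by the parser (" . $e->getMessage() . ")\n";
}

$rows = lookup_bound($pdo, $input);
echo "bound: " . count($rows) . " row(s), field2=" . $rows[0]['field2'] . "\n";
```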
