What is SQL injection??

**tolkienarda** · Mar 2 '07, 04:53 PM

hi all

lets say that i had an input field that was saved to a variable in my php script
<input> = $var
then $var is tested agains $varfromdb in an if statement
if($varfromdb == $var) allow access
and being the mean guy i am i typed somthing into the input field like
1'||'1'='1
could that get me in or worse could i enter somthing like this
1' || 'http://www.mysite.com/meanscript.php
and then run a script on my server.

eric

**ronverdonk** · Mar 2 '07, 05:10 PM

No, this will not work as injection. Because the $varfromdb variable is compared with the content of the $var variable. The $var variable is not evaluated (E.g. when $var ='1 OR 2==2' the $varfromdb will be compared against that string).

It is different when an SQL statement is constructed using variables in the statement build and then evaluated by the SQL language interpreter at the server the statement is passed from the program to the server.

Ronald :cool:

**tolkienarda** · Mar 2 '07, 05:15 PM

ok so lets say I am attacking a script called http://www.theirsite.c om/script.php
in my second example
1' || 'http://www.mysite.com/meanscript.php
if meanscript.php had an include of script.php could i use their database connection
include(http://www.theirsite.c om/script.php)
could i then use meanscript to insert, delete, and oterwise reak havack on someone's database

eric

**ronverdonk** · Mar 2 '07, 05:19 PM

I do not think this is the place to discuss web or database attack techniques in detail. Some people might get ideas from it.

Ronald :cool:

**tolkienarda** · Mar 2 '07, 05:21 PM

ok sorry
eric

**ronverdonk** · Mar 2 '07, 06:23 PM

Nothing to be sorry about. I am only worried about people, not you!, getting the wrong ideas and I wouldn't want to contribute to that.

Ronald :cool:

What is SQL injection??

Comment

Comment

Comment

Comment

Comment

Comment