what is mysql injection?

  • olddocks
    New Member
    • Nov 2007
    • 26

    what is mysql injection?

    I heard a lot about MySQL injection, don't know how people actually exploit it.

    I normally query my MySQL like this...

    [PHP]select * from table where id='$_GET[id]'[/PHP]

    Is this a safe way of querying the database?
  • Markus
    Recognized Expert Expert
    • Jun 2007
    • 6092

    #2
    MySQL injection is done through user input, i.e. from a user submitting information through a form, and exploiting that form to do harmful things.


    • olddocks
      New Member
      • Nov 2007
      • 26

      #3
      Originally posted by markusn00b
      MySQL injection is done through user input, i.e. from a user submitting information through a form, and exploiting that form to do harmful things.
      Can you shed more light on this? Actually I also use forms to do various things, but don't get your point on how it can be exploited.


      • Markus
        Recognized Expert Expert
        • Jun 2007
        • 6092

        #4
        great article on it, explaining how it's done and how to prevent it:


        • paparts
          New Member
          • Nov 2009
          • 1

          #5
          re

          Tuts has one solution for it, though there is also negative feedback: http://net.tutsplus.com/tutorials/to...considerations


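The question in post #1 (is it safe to put `$_GET[id]` straight into the query text?) can be checked directly. The following is an added example, not code from any poster in this thread: it runs the same concatenated query next to a PDO prepared statement. The table `items`, its rows, the helper names `find_unsafe` / `find_safe` and the sample inputs are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example (not from the thread). In-memory SQLite stands in for MySQL so
// this runs offline; with MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows (hypothetical names).
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (id, name) VALUES (1, 'alpha'), (2, 'beta'), (3, 'gamma')");

// Same pattern as the query in post #1: the request value is pasted into the SQL text.
function find_unsafe(PDO $pdo, string $id): array
{
    $sql = "select * from items where id='$id'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and the value is sent separately,
// so it is only ever compared against the id column as data.
function find_safe(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('select * from items where id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_GET['id']: a normal value and one containing quotes.
$inputs = ['2', "2' OR '1'='1"];

foreach ($inputs as $id) {
    printf("input: %s\n", $id);
    printf("  concatenated query: %d row(s)\n", count(find_unsafe($pdo, $id)));
    printf("  prepared statement: %d row(s)\n", count(find_safe($pdo, $id)));
}
```

For the second input the concatenated query returns every row, because the quote in the value closes the string literal and the rest is parsed as SQL. The prepared statement treats the whole input as a single value, so the query's structure cannot change.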