By Alexander Andonov ( sir(point)mordred(on)gmail )
Last Modified: 9/1/2007
[TEXT] size: 30k (MD5 SUM: 5d1004bdd927b2030ce77f85981900f0)
We will look at several scenarios under which SQL injection may occur, even though mysql_real_escape_string() has been used. There are two major steps at writing SQL injection resistant code: correct validation and escaping of input and proper use of the SQL syntax. Failure to comply with any of them may lead to compromise. Many of the specific issues are already known, but no single document mentions them all.
Although the examples are built on PHP/MySQL, the same principles apply to ASP/MSSQL and other combinations of languages and databases.
- Introduction and rationale
- Getting to mysql_real_escape_string()
- Integer values
- The Return of the Integer Values
- Hi, what's your column name?
- Do You LIKE My %WildCard%?
- Other Databases and Other Issues
- A Summary in Plaintext