Author Topic: You have an error in your SQL syntax - help!!  (Read 2397 times)


Offline Mchl

  • Staff Alumni
  • Freak!
  • *
  • Posts: 8,582
  • Gender: Male
  • That's Largo in my avatar, not me.
Re: You have an error in your SQL syntax - help!!
« Reply #15 on: February 10, 2010, 01:07:41 PM »
Yeah, but right now you don't even know where errors happen when you provoke them. That's a pretty essential thing to know.
NetBeans fanatic | ExtJS masochist | C++ denier
PHP4 & MySQL4 are no longer supported.
PHPFreaks Tutorials | PHP Debugging: A Beginner's guide | PHP Security Tutorial || How To Ask Questions The Smart Way
Flingbits tutorials | Class Autoloading

Offline PFMaBiSmAd

  • Guru
  • 'Insane!'
  • *
  • Posts: 14,588
  • In Coding, Automatic means you write code to do it
Re: You have an error in your SQL syntax - help!!
« Reply #16 on: February 10, 2010, 01:25:12 PM »
If you go back to my last post in this thread and expand upon the // do your application level error reporting here... so that it includes the 5 W's - Who (the logged in username, IP address..), What (the actual query...), When (date/time...), Where (file name and line number), and Why (the result or error...) about the function call that is failing, you will know who caused the error, what data caused the error, when it occurred, where it occurred, and why it occurred.
Signature: (not a comment about anything you posted unless specifically indicated)
Debugging step #1: To get past the garbage-out equals garbage-in stage in your code, you must check that the inputs to your code are what you expect.

Programming is just problem solving, but it is done in another language. You must learn enough of the programming language you are using to be able to read and write code.
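As an added example (not code from the thread or from either poster), here is what expanding that "do your application level error reporting here" comment into real logging can look like. It is a query wrapper that records who, what, when, where and why whenever a query fails, and then returns null so the caller can show a generic message. It uses an in-memory SQLite database through PDO so it runs without a MySQL server (swap the DSN for a mysql: one in a real application); the `$_SESSION['username']` key and the `?user=alice'` request value are assumptions for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Records the "5 W's" on query
// failure. Assumes the logged-in username, if any, is in $_SESSION['username'].
function log_query_failure(string $sql, array $params, string $file, int $line, string $why): void
{
    $record = [
        'when'  => date('c'),                                   // date/time
        'who'   => [                                            // user + IP
            'user' => $_SESSION['username'] ?? '(anonymous)',
            'ip'   => $_SERVER['REMOTE_ADDR'] ?? '(cli)',
        ],
        'where' => $file . ':' . $line,                         // call site
        'what'  => ['sql' => $sql, 'params' => $params],        // the query
        'why'   => $why,                                        // the DB error
    ];
    // Server-side log only; the browser never sees the SQL or the error text.
    error_log('DB failure: ' . json_encode($record, JSON_UNESCAPED_SLASHES));
}

/**
 * Run a parameterised query. Returns the rows on success, or null after
 * logging the full context on failure.
 */
function run_query(PDO $db, string $sql, array $params = []): ?array
{
    // Frame 0 of the backtrace is the line that called run_query().
    $caller = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 1)[0];
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        log_query_failure($sql, $params, $caller['file'] ?? '?', $caller['line'] ?? 0, $e->getMessage());
        return null;
    }
}

// In-memory SQLite stands in for MySQL so the example runs anywhere.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice')");

// Constructed request input: the "add a quote to the URL" test, ?user=alice'
$_GET['user'] = "alice'";

// Placeholder: the quote is data, so this simply finds no row.
$rows = run_query($db, 'SELECT id FROM users WHERE username = ?', [$_GET['user']]);

// Interpolation: the stray quote breaks the SQL; instead of a bare "You have an
// error in your SQL syntax" the log now says who sent what, when, from where, and why.
$broken = run_query($db, "SELECT id FROM users WHERE username = '{$_GET['user']}'");

echo $rows === null ? "query failed, see log\n" : count($rows) . " row(s)\n";
echo $broken === null ? "query failed, see log\n" : count($broken) . " row(s)\n";
```

The first call returns an empty array (no user named `alice'`); the second returns null and writes one JSON line to the PHP error log. Keep the error text out of the page the user sees: the detail is for you, not for whoever is feeding quotes into your URLs.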

Offline PFMaBiSmAd

  • Guru
  • 'Insane!'
  • *
  • Posts: 14,588
  • In Coding, Automatic means you write code to do it
Re: You have an error in your SQL syntax - help!!
« Reply #17 on: February 10, 2010, 01:47:23 PM »
Umm. Don't lose sight of the fact that the error message is just the end result of your code not escaping data being put into a query. The data you are testing with by adding a ' on the end of the URL happens to cause a syntax error. A hacker will be injecting actual SQL, which won't trigger an error, but will in fact either dump data in your tables or cause any username/password combination to cause him to become logged in as you.
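To make the point above concrete, here is an added example (not code from the thread or from either poster) that puts a vulnerable login query beside its prepared-statement form and runs both against the two kinds of input discussed: the lone `'` that produces a syntax error, and an injection payload that produces no error at all. It uses an in-memory SQLite database through PDO so it runs without MySQL; the table, the `admin` account and its plaintext password are constructed for the demo (hashing with `password_hash`/`password_verify` is a separate fix from the injection).

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Constructed schema and data;
// in-memory SQLite via PDO stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$pdo->exec("INSERT INTO users (username, password) VALUES ('admin', 'correct horse battery staple')");

// VULNERABLE: request data is pasted straight into the SQL text.
function vulnerable_login(PDO $pdo, string $user, string $pass): ?string
{
    $sql = "SELECT username FROM users WHERE username = '$user' AND password = '$pass'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// HARDENED: placeholders keep the input as data; a quote can never end the literal.
function safe_login(PDO $pdo, string $user, string $pass): ?string
{
    $stmt = $pdo->prepare('SELECT username FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$user, $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Run one login attempt and describe the outcome instead of letting it die.
function attempt(callable $login, PDO $pdo, string $user, string $pass): string
{
    try {
        $who = $login($pdo, $user, $pass);
        return $who === null ? 'rejected' : "logged in as $who";
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// 1. The "add a quote" test. The SQL becomes
//    ... WHERE username = 'admin'' AND password = 'x'
//    which has an unterminated string literal, so the database complains.
echo attempt('vulnerable_login', $pdo, "admin'", 'x'), "\n";

// 2. Real injection. The WHERE clause becomes
//    username = '' OR '1'='1' AND password = '' OR '1'='1'
//    which is true for every row (AND binds tighter than OR), so the first
//    user, admin, comes back and no error is raised anywhere.
$payload = "' OR '1'='1";
echo attempt('vulnerable_login', $pdo, $payload, $payload), "\n";

// 3. The same payload against the prepared statement is compared literally
//    as a username and password, and matches nothing.
echo attempt('safe_login', $pdo, $payload, $payload), "\n";
```

Run it and the three lines read: an SQL error for the lone quote, `logged in as admin` for the payload against the interpolated query, and `rejected` for the same payload against the prepared statement. Only the first case would ever show up in the error log; the second is exactly the silent login-as-you the post warns about, and it is why the fix is to stop building SQL from strings rather than to make the error message go away.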