Jump to content

SQL injection small question

fortnox007

By fortnox007
in PHP Coding Help

 Share

Recommended Posts

fortnox007 Regular Member

fortnox007

Posted
Posted

Hi all,

 

I thought instead of just simple do all the security stuff automatically, why not see for myself what the it can do.

So I made a simple table besides the other tables named delete_me,  made a form and started testing. But for some reason I can get that table to drop.

 

this is what i did on the front end with help from here: http://en.wikipedia.org/wiki/SQL_injection

 

in all 3 fields (firstname, lastname email) put a value and in the last one i put:

 

but nothing happend.

 

if someone knows what i am doing wrong please tell me because I think it's vital in order to protect yourself one needs to know what he or she is up against.

 

Link to comment
Share on other sites
fortnox007 Regular Member

fortnox007

Posted
  • Author
Posted

Hi all,

 

I thought instead of just simple do all the security stuff automatically, why not see for myself what the it can do.

So I made a simple table besides the other tables named delete_me,  made a form and started testing. But for some reason I can get that table to drop.

 

this is what i did on the front end with help from here: http://en.wikipedia.org/wiki/SQL_injection

 

in all 3 fields (firstname, lastname email) put a value and in the last one i put:

 

but nothing happend.

 

if someone knows what i am doing wrong please tell me because I think it's vital in order to protect yourself one needs to know what he or she is up against.

 

Oh i wasn't able to edit the stuff I wrote before this, suddenly the site was afk. IF i caused it sorry, i was allready sweating. If someone want to see what i put in I can make an image and post it elsewhere. not sure if what i posted caused any trouble. :shrug:

Link to comment
Share on other sites
fortnox007 Regular Member

fortnox007

Posted
  • Author
Posted

I have this normal query:

$query = "INSERT INTO email_list (first_name, last_name, email)".
                "VALUES('$_firstname', '$_lastname', '$_email')";

 

I just read mysql doesnt allow ; to add multiple query's so i am pretty sure you can't do drop table. Atleast i just ried everything and i can't.

Also i tried to add fields or something to the query, but everything get's pushed into VALUES ().

 

I really can't see what damage can be done . It was fun trying though.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.