Hi all,

I've been testing the security of some of my forms, and did find some nasty holes in regards to the forms not being validated properly (and sometimes not at all). Referring to the webpage http://www.php.net/manual/en/security.database.php#security.database.sql-injection I should be able to create a valid query statement from the posted form data, but it seems that my SQL server (MySQL) isn't accepting the second (malicious) query that is prefixed with a semi-colon.
Example PHP code:

    $query = "SELECT * FROM usertable WHERE uname = '$uname' AND upass = '$password'";

In my form password box, I type in this:

    '; insert into user set uname ='geoff', upass='cracked'; /*

Since the connected user has insert privileges, I expect to see a new row in the table, but instead see this error message:

    You have an error in your SQL syntax near '; insert into usertable set uname ='geoff', upass='cracked'; /*' at line 10

The $query resulted in this:

    SELECT * FROM usertable WHERE uname = '' AND uspass = ''; insert into usertable set uname ='geoff', upass='cracked'; /*'

It simply doesn't like the semi-colon in the query. I've written a hard-wired PHP script, and this proves that the semi-colon is the culprit:

    $query = "select * from updates order by `updated` desc LIMIT $mylimit;\n select 1+1 as `updated`";

Again, the error:

    You have an error in your SQL syntax near '; select 1+1 as `updated`' at line 1

Naturally I'll be validating those forms, but the curiosity has now set in - how can I make a valid query work?

Thanks,
Geoff
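The behaviour in the post, reproduced as an added example (not the poster's code, and using Python's sqlite3 in place of PHP/MySQL): a single-statement execution API rejects the stacked query with an error, exactly as the old PHP mysql extension did because it never enables multi-statement execution, which is a property of the driver call and not a form of input validation. The parameterized variant is the fix: the same payload is sent as data and simply fails to match. The usertable rows and the payload string are constructed here from the post.

```python
import sqlite3

# Constructed stand-in for the poster's usertable (sample data, in memory).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE usertable (uname TEXT, upass TEXT)")
    conn.execute("INSERT INTO usertable VALUES ('alice', 'wonderland')")
    conn.commit()
    return conn

# The post's pattern: form input spliced straight into the SQL text.
def login_vulnerable(conn, uname, password):
    query = f"SELECT * FROM usertable WHERE uname = '{uname}' AND upass = '{password}'"
    return conn.execute(query).fetchall()

# Hardened form: placeholders, so the driver passes input as data, never as SQL.
def login_parameterized(conn, uname, password):
    query = "SELECT * FROM usertable WHERE uname = ? AND upass = ?"
    return conn.execute(query, (uname, password)).fetchall()

# The exact string typed into the password box in the post.
PAYLOAD = "'; insert into usertable set uname ='geoff', upass='cracked'; /*"

def demo():
    conn = make_db()
    result = {}
    # Single-statement execution refuses the stacked query, as mysql_query did;
    # sqlite3 raises Warning (older Pythons) or ProgrammingError (newer ones).
    try:
        login_vulnerable(conn, "", PAYLOAD)
        result["vulnerable"] = "executed"
    except (sqlite3.Warning, sqlite3.Error) as exc:
        result["vulnerable"] = f"rejected: {exc}"
    # The parameterized query treats the payload as an ordinary, non-matching password.
    result["parameterized_rows"] = login_parameterized(conn, "", PAYLOAD)
    # Either way, no row was inserted.
    result["row_count"] = conn.execute("SELECT COUNT(*) FROM usertable").fetchone()[0]
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```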