Successful SQL Injection despite PHP Magic Quotes
Posted
by Crimson
on Stack Overflow
See other posts from Stack Overflow
or by Crimson
Published on 2010-04-29T08:21:44Z
Indexed on
2010/04/29
8:27 UTC
Read the original article
Hit count: 419
mysql
|sql-injection
I have always read that Magic Quotes do not stop SQL Injections at all but I am not able to understand why not! As an example, let's say we have the following query:
SELECT * FROM tablename
WHERE email='$x';
Now, if the user input makes $x=' OR 1=1 --
, the query would be:
SELECT * FROM tablename
WHERE email='\' OR 1=1 --';
The backslash will be added by Magic Quotes with no damage done whatsoever!
Is there a way that I am not seeing where the user can bypass the Magic Quote insertions here?
© Stack Overflow or respective owner