By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
428,530 Members | 880 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 428,530 IT Pros & Developers. It's quick & easy.

what is mysql injection?

P: 26
i heard a lot about mysql injection, dont know how actually people exploit it.

I normally query my mysql like this...

[PHP]select * from table where id-='$_GET[id]'[/PHP]

is this safe way of quering the database?
Dec 6 '07 #1
Share this Question
Share on Google+
4 Replies


Markus
Expert 5K+
P: 6,050
mysql injection is done through user input, ie. from a user submitting information through a form, and exploiting that form to do harmful things.
Dec 6 '07 #2

P: 26
mysql injection is done through user input, ie. from a user submitting information through a form, and exploiting that form to do harmful things.
can you shed more light on this? actually i also use forms to do various things, but dont get your point on how it can be exploited.
Dec 6 '07 #3

Markus
Expert 5K+
P: 6,050
great article on it, explaining how it's done and how to prevent it:

http://www.tizag.com/mysqlTutorial/m...-injection.php
Dec 6 '07 #4

P: 1
tuts has one solution for it though there are also negative feedbacks http://net.tutsplus.com/tutorials/to...considerations
Nov 21 '09 #5

Post your reply

Sign in to post your reply or Sign up for a free account.