what is mysql injection?

I heard a lot about MySQL injection, don't know how people actually exploit it.

I normally query my MySQL like this...

[PHP]select * from table where id='$_GET[id]'[/PHP]

Is this a safe way of querying the database?
Dec 6 '07 #1
Markus
6,050 Expert 4TB
MySQL injection is done through user input, i.e. from a user submitting information through a form, and exploiting that form to do harmful things.
Dec 6 '07 #2
MySQL injection is done through user input, i.e. from a user submitting information through a form, and exploiting that form to do harmful things.
Can you shed more light on this? Actually I also use forms to do various things, but don't get your point on how it can be exploited.
Dec 6 '07 #3
Markus
6,050 Expert 4TB
Great article on it, explaining how it's done and how to prevent it:

http://www.tizag.com/mysqlTutorial/m...-injection.php
Dec 6 '07 #4
Tuts has one solution for it, though there is also negative feedback: http://net.tutsplus.com/tutorials/to...considerations
Nov 21 '09 #5
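
Added example, not part of any post in this thread and not taken from the linked articles: it runs the string-built query pattern from the question next to a prepared statement, so the difference in what the database receives is visible. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the script runs offline, and the `items` table, its rows and the function names `find_concat` and `find_prepared` are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so this runs offline.
// Table name, columns and rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO items (name) VALUES ('alpha'), ('beta'), ('gamma')");

// Pattern from the question: the request value is pasted into the SQL text,
// so quote characters in the value become part of the statement itself.
function find_concat(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM items WHERE id = '$id'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the id, then bind it to a fixed statement.
function find_prepared(PDO $pdo, string $id): array
{
    // An id is expected to be digits only; reject anything else up front.
    if (!ctype_digit($id)) {
        return [];
    }
    // The SQL text never changes; the value travels separately as data.
    $stmt = $pdo->prepare('SELECT * FROM items WHERE id = ?');
    $stmt->execute([(int) $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['id'].
$inputs = ['2', "2' OR '1'='1"];
foreach ($inputs as $in) {
    printf(
        "input %-20s concat=%d row(s)  prepared=%d row(s)\n",
        var_export($in, true),
        count(find_concat($pdo, $in)),
        count(find_prepared($pdo, $in))
    );
}
```

Against MySQL the same two functions work with a `mysql:` DSN in place of `sqlite::memory:`; the digit check matters there as well, because MySQL converts a bound string with a leading number to that number when comparing it to an integer column.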
