SA-MP Forums Archive
MySQL injection - Printable Version




MySQL injection - Height - 17.02.2013

Can anyone explain to me what MySQL injection is? How does it happen? Where is it done? In what ways is it done? What are the ways to prevent it? I need the help because I don't know what's an SQL inject


Re: MySQL injection - Vince - 17.02.2013

Escape any and all user input. That's basically it. SQL injection is done by inserting characters that have special meanings in an SQL query. Such as:

PHP code:
select id from players where name = '%s' and password = '%s'
and the player inputs a "password":
PHP code:
abc'; drop table players; --
Final query will look like
PHP code:
select id from players where name = 'aplayer' and password = 'abc'; drop table players; --'
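
Added example, not part of Vince's post: the query above built by string formatting, next to the same lookup with bound parameters (a different defence from the escaping the post recommends). Assumptions: Python's in-memory sqlite3 stands in for the MySQL server, and the table contents and function names are constructed for the illustration.

```python
import sqlite3

PAYLOAD = "abc'; drop table players; --"  # the "password" from the post

def make_db():
    # Constructed sample data; sqlite3 stands in for MySQL (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("create table players (id integer primary key, name text, password text)")
    db.execute("insert into players (name, password) values ('aplayer', 'secret')")
    return db

def build_unsafe(name, password):
    # The pattern from the post: user input pasted straight into the SQL text.
    return "select id from players where name = '%s' and password = '%s'" % (name, password)

def login_unsafe(db, name, password):
    # executescript() runs every statement in the string, the way a
    # connection that allows stacked statements would.
    db.executescript(build_unsafe(name, password))

def login_safe(db, name, password):
    # Placeholders keep the values out of the SQL text, so a quote in the
    # input is compared as data and never parsed as syntax.
    row = db.execute(
        "select id from players where name = ? and password = ?",
        (name, password)).fetchone()
    return row[0] if row else None

def table_exists(db):
    q = "select count(*) from sqlite_master where type = 'table' and name = 'players'"
    return db.execute(q).fetchone()[0] == 1

def demo():
    results = {}
    db = make_db()
    login_unsafe(db, "aplayer", PAYLOAD)
    results["unsafe_table_survives"] = table_exists(db)
    db = make_db()
    results["safe_login_with_payload"] = login_safe(db, "aplayer", PAYLOAD)
    results["safe_table_survives"] = table_exists(db)
    results["safe_login_real_password"] = login_safe(db, "aplayer", "secret")
    return results

if __name__ == "__main__":
    print(demo())
```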