MySQL injection
#2

Escape any and all user input. That's basically it. SQL injection is done by inserting characters that have special meanings in an SQL query, such as:

PHP code:
select id from players where name = '%s' and password = '%s' 
and the player inputs a "password":
PHP code:
abc'; drop table players; -- 
Final query will look like
PHP code:
select id from players where name = 'aplayer' and password = 'abc'; drop table players; -- '
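Added example, not part of the original post: the post's query and "password" run against an in-memory SQLite database standing in for MySQL (an assumption), first formatted into the SQL text and then passed as bound parameters, a swapped-in alternative to escaping that keeps input out of the SQL text entirely. The function names and the sample row are constructed for illustration.

```python
import sqlite3

# The post's query pattern: user input formatted straight into the SQL text.
UNSAFE_TEMPLATE = "select id from players where name = '%s' and password = '%s'"
# Same query with placeholders; values travel separately from the SQL text.
SAFE_QUERY = "select id from players where name = ? and password = ?"


def new_db():
    """Constructed sample data: one player in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table players (id integer primary key, name text, password text)")
    # Plaintext password only to mirror the post's query.
    conn.execute("insert into players (name, password) values ('aplayer', 'secret')")
    conn.commit()
    return conn


def table_exists(conn):
    """True while the players table is still present."""
    row = conn.execute(
        "select 1 from sqlite_master where type = 'table' and name = 'players'"
    ).fetchone()
    return row is not None


def login_unsafe(conn, name, password):
    """Formats input into the query; returns the SQL text that was run."""
    query = UNSAFE_TEMPLATE % (name, password)
    # executescript runs every statement in the string, standing in for a
    # MySQL connection that has multi-statement execution enabled.
    conn.executescript(query)
    return query


def login_safe(conn, name, password):
    """Binds input as parameters; returns the matching player id or None."""
    row = conn.execute(SAFE_QUERY, (name, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    payload = "abc'; drop table players; -- "  # the "password" from the post
    db = new_db()
    print(login_unsafe(db, "aplayer", payload), "table exists:", table_exists(db))
    db = new_db()
    print(login_safe(db, "aplayer", payload), "table exists:", table_exists(db))
```

With bound parameters the quote and semicolon in the input are compared as password data, so the lookup simply finds no matching row.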


Messages In This Thread
MySQL injection - by Height - 17.02.2013, 18:45
Re: MySQL injection - by Vince - 17.02.2013, 19:05
