SQL injection that gets around mysql_real_escape_string()

0 votes

Is there an SQL injection possibility even when using the mysql_real_escape_string() function?

Consider this sample situation. SQL is constructed in PHP like this:

$login = mysql_real_escape_string(GetFromPost('login'));
$password = mysql_real_escape_string(GetFromPost('password'));

$sql = "SELECT * FROM table WHERE login='$login' AND password='$password'";

I have heard numerous people tell me that code like that is still dangerous and possible to hack even with the mysql_real_escape_string() function used. But I cannot think of any possible exploit.

Classic injections like this:

aaa' OR 1=1 --

do not work.

Do you know of any possible injection that would get through the PHP code above?

Apr 9, 2020 in PHP by kartik
• 37,530 points
1,282 views

1 answer to this question.

0 votes

Hello @kartik,

Consider the following query:

$iId = mysql_real_escape_string("1 OR 1=1");    
$sSql = "SELECT * FROM table WHERE id = $iId";

mysql_real_escape_string() will not protect you against this. The fact that you use single quotes (' ') around your variables inside your query is what protects you against this. The following is also an option:

$iId = (int)"1 OR 1=1";
$sSql = "SELECT * FROM table WHERE id = $iId";
answered Apr 9, 2020 by Niroj
• 82,820 points
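
The unquoted, quoted and integer-cast forms described in the answer above, side by side, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database so it runs offline; the `accounts` table, `escape_quotes()` (a stand-in for mysql_real_escape_string()) and `count_rows()` are hypothetical names, and the bound-parameter query at the end goes beyond what the answer covers.

```php
<?php
// Added example. Assumption: the pdo_sqlite extension is enabled.
// The accounts table and its rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE accounts (id INTEGER PRIMARY KEY, login TEXT)");
$pdo->exec("INSERT INTO accounts (login) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for mysql_real_escape_string(): it escapes quote
// characters and leaves keywords, digits and spaces alone.
function escape_quotes(string $value): string
{
    return str_replace("'", "''", $value);
}

// Run a query and return how many rows it matched.
function count_rows(PDO $pdo, string $sql, array $params = []): int
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

$input = "1 OR 1=1"; // the value used in the answer

$results = [
    // Escaped but unquoted: there is no quote to escape, so the value is
    // parsed as SQL and the OR clause becomes part of the WHERE condition.
    'escaped, unquoted' => count_rows($pdo,
        "SELECT * FROM accounts WHERE id = " . escape_quotes($input)),
    // Escaped and quoted: the whole value stays inside one string literal.
    'escaped, quoted' => count_rows($pdo,
        "SELECT * FROM accounts WHERE id = '" . escape_quotes($input) . "'"),
    // Integer cast: PHP keeps the leading digits only, so id = 1.
    'cast to int' => count_rows($pdo,
        "SELECT * FROM accounts WHERE id = " . (int) $input),
    // Bound parameter: the value is sent as data, never parsed as SQL.
    'bound parameter' => count_rows($pdo,
        "SELECT * FROM accounts WHERE id = ?", [$input]),
];

foreach ($results as $label => $rows) {
    printf("%-18s %d row(s)\n", $label, $rows);
}
```

SQLite and MySQL differ in how they compare a quoted string with an integer column, so the row counts for the quoted and bound cases can differ between them, but in neither database is the OR clause executed as SQL.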
