SQL injection that gets around mysql_real_escape_string()?

0 votes

Is there an SQL injection possibility even when using mysql_real_escape_string() function?

Consider this sample situation. SQL is constructed in PHP like this:

$login = mysql_real_escape_string(GetFromPost('login'));
$password = mysql_real_escape_string(GetFromPost('password'));

$sql = "SELECT * FROM table WHERE login='$login' AND password='$password'";

I have heard numerous people say to me that code like that is still dangerous and possible to hack even with mysql_real_escape_string() function used. But I cannot think of any possible exploit?

Classic injections like this:

aaa' OR 1=1 --

do not work.

Do you know of any possible injection that would get through the PHP code above?

Apr 8 in PHP by kartik
• 10,990 points
29 views

1 answer to this question.

0 votes

Hello @kartik,

Consider the following query:

$iId = mysql_real_escape_string("1 OR 1=1");    
$sSql = "SELECT * FROM table WHERE id = $iId";

mysql_real_escape_string() will not protect you against this. The fact that you use single quotes (' ') around your variables inside your query is what protects you against this. The following is also an option:

$iId = (int)"1 OR 1=1";
$sSql = "SELECT * FROM table WHERE id = $iId";
answered Apr 8 by Niroj
• 22,110 points

Related Questions In PHP

0 votes
1 answer

How to make anchor tag with routing using Laravel?

Hey @kartik, First you have to go to ...READ MORE

answered Mar 18 in Laravel by Niroj
• 22,110 points
417 views
0 votes
1 answer

What is redirection in Laravel?

Named route is used to give specific ...READ MORE

answered Mar 18 in Laravel by Niroj
• 22,110 points
62 views
0 votes
1 answer

How to install Laravel via composer?

Hello, This is simple you just need to ...READ MORE

answered Mar 23 in Laravel by Niroj
• 22,110 points
64 views
0 votes
1 answer

What are named routes in Laravel and How can specify route names for controller actions?

Hey @kartik, Named routing is another amazing feature of ...READ MORE

answered Mar 23 in Laravel by Niroj
• 22,110 points
139 views
0 votes
1 answer

Connection with MySQL server using PHP. How can we do that?

Hey @kartik, You have to provide MySQL hostname, ...READ MORE

answered Mar 27 in PHP by Niroj
• 22,110 points
40 views
0 votes
1 answer

Is it that new bitcoins gets created with the every block mined??

Bitcoin mining means validation of a block ...READ MORE

answered Apr 20, 2018 in Blockchain by Perry
• 17,090 points
58 views
0 votes
1 answer

Write a SQL query to find the names of employees that begin with ‘S’

To display the name of the employees ...READ MORE

answered Sep 26, 2018 in Database by Sahiti
• 6,290 points
125 views
0 votes
1 answer

Control EC2 instances that gets removed by an AutoScalingGroup using Amazon Web Services?

In a nutshell, the default termination policy ...READ MORE

answered Sep 27, 2018 in AWS by Priyaj
• 57,530 points
369 views
0 votes
1 answer

Append excel data and In house database data that gets refresh evey 24 hour

Hi, You can try this way, A  -  Actual ...READ MORE

answered Mar 20, 2019 in Power BI by Sindhu
45 views