SQL injection that gets around mysql real escape string

0 votes

Is there an SQL injection possibility even when using the mysql_real_escape_string() function?

Consider this sample situation. SQL is constructed in PHP like this:

$login = mysql_real_escape_string(GetFromPost('login'));
$password = mysql_real_escape_string(GetFromPost('password'));

$sql = "SELECT * FROM table WHERE login='$login' AND password='$password'";

I have heard numerous people say to me that code like that is still dangerous and possible to hack even with the mysql_real_escape_string() function used. But I cannot think of any possible exploit.

Classic injections like this:

aaa' OR 1=1 --

do not work.

Do you know of any possible injection that would get through the PHP code above?

Apr 8, 2020 in PHP by kartik
• 37,510 points
1,016 views

1 answer to this question.

0 votes

Hello @kartik,

Consider the following query:

$iId = mysql_real_escape_string("1 OR 1=1");    
$sSql = "SELECT * FROM table WHERE id = $iId";

mysql_real_escape_string() will not protect you against this. The fact that you use single quotes (' ') around your variables inside your query is what protects you against this. The following is also an option:

$iId = (int)"1 OR 1=1";
$sSql = "SELECT * FROM table WHERE id = $iId";
answered Apr 8, 2020 by Niroj
• 82,720 points
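
The difference between escaping and typing a numeric value, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database standing in for MySQL; the `users` table and the `escape_only()`, `ids()` and `find_by_id()` helpers are hypothetical names, with `escape_only()` a stand-in for mysql_real_escape_string().

```php
<?php
// Added example. In-memory SQLite via PDO stands in for MySQL so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT)");
$pdo->exec("INSERT INTO users (id, login) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Hypothetical stand-in for mysql_real_escape_string(): it escapes quote
// characters only. It adds no quotes and does not check the value's type.
function escape_only(string $value): string
{
    return str_replace("'", "''", $value);
}

// Runs a query and returns the matching ids.
function ids(PDO $pdo, string $sql, array $params = []): array
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = "1 OR 1=1"; // constructed input, the same string the answer uses

// 1. Escaped but unquoted: the string has no quote to escape, so the
//    OR clause becomes part of the statement and every row matches.
$unquoted = ids($pdo, "SELECT id FROM users WHERE id = " . escape_only($input));

// 2. Integer cast, as in the answer: PHP keeps the leading digits only.
$cast = ids($pdo, "SELECT id FROM users WHERE id = " . (int) $input);

// 3. Validate, then bind: malformed input is rejected before any query runs,
//    and a valid id is sent as a parameter rather than as SQL text.
function find_by_id(PDO $pdo, string $raw): ?array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // not an integer: refuse instead of guessing
    }
    return ids($pdo, "SELECT id FROM users WHERE id = ?", [$id]);
}

echo "unquoted + escaped: ", json_encode($unquoted), "\n";
echo "(int) cast:         ", json_encode($cast), "\n";
echo "validated, bad id:  ", json_encode(find_by_id($pdo, $input)), "\n";
echo "validated, id 2:    ", json_encode(find_by_id($pdo, "2")), "\n";
```

The cast silently turns malformed input into id 1, while the validated path refuses it, which is usually the behaviour wanted for an identifier taken from a request.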
