SQL injection and such #47

Closed
minitech opened this issue May 17, 2013 · 2 comments

@minitech

Please just use parametrized queries. Ignoring registration for the moment, what if someone logs in with this username?

blahblah' UNION ALL SELECT 'admin' AS user_name, 'admin@yoursite.com' AS user_email, '$1$$/PWPe740uvaQxKzRH.Zxj1' AS user_password_hash --

Impersonate any user, yay. (The password is hello, by the way.)

@panique (Owner) commented May 17, 2013

I just tried your SQL injection and - voila - everything is escaped perfectly, no injection possible. But I totally agree with the point that prepared statements would be "better", but most PHP people still don't use them and have problems using them. I will think about this...

@minitech (Author)

Oops, I misread the registration page. In which case, let's just turn this into "outputting user details will come out SQL-escaped", e.g. Ryan O'Hara → Ryan O\'Hara.

Sorry =P
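The two points raised in this thread, as an added example that is not part of the issue or of the project's own code: the UNION payload from the first comment impersonating "admin" when the username is spliced into the query string, the same payload doing nothing against a bound parameter, and the stored-backslash problem from the last comment, where escaping input and then binding it stores the escape characters verbatim. The example runs against an in-memory SQLite database with a constructed users table, and it stands in a plain SHA-256 hex digest for the project's crypt-style password hash (the payload below therefore carries the SHA-256 of "hello", not the hash quoted in the issue); `mysql_style_escape` is a small imitation of MySQL backslash escaping for the two characters that matter here, not the real `mysql_real_escape_string`.

```python
import hashlib
import sqlite3

COLUMNS = "user_name, user_email, user_password_hash"


def hash_password(password: str) -> str:
    # Assumption: SHA-256 stands in for the crypt-style hashes used in the thread.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    # Constructed sample data: one legitimate admin account, nothing else.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_name TEXT, user_email TEXT, user_password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("admin", "admin@yoursite.com", hash_password("correct horse battery staple")))
    conn.commit()
    return conn


def injection_payload() -> str:
    # The username from the issue; the trailing -- comments out the closing quote
    # the application appends. The hash is whatever the attacker wants it to be.
    return ("blahblah' UNION ALL SELECT 'admin' AS user_name, "
            "'admin@yoursite.com' AS user_email, '" + hash_password("hello")
            + "' AS user_password_hash --")


def _check(row, password):
    # Shared post-query logic: compare the submitted password against the
    # hash that came back with the row, whoever supplied that row.
    if row is None or row[2] != hash_password(password):
        return None
    return row[0]


def login_concatenated(conn, username, password):
    # Vulnerable: the username is pasted into the SQL text, so the UNION in the
    # payload becomes part of the statement and returns an attacker-chosen row.
    sql = f"SELECT {COLUMNS} FROM users WHERE user_name = '{username}'"
    return _check(conn.execute(sql).fetchone(), password)


def login_parameterized(conn, username, password):
    # Fixed: the username is bound as a value; the whole payload is compared
    # against user_name as one string and matches nothing.
    sql = f"SELECT {COLUMNS} FROM users WHERE user_name = ?"
    return _check(conn.execute(sql, (username,)).fetchone(), password)


def mysql_style_escape(s: str) -> str:
    # Assumption: minimal imitation of MySQL backslash escaping, only for \ and '.
    return s.replace("\\", "\\\\").replace("'", "\\'")


def store_and_read_back(conn, name, escape_first):
    # Registration path. With escape_first=True the input is escaped and then
    # bound, so the backslash is data and is stored; reading it back gives the
    # "Ryan O\'Hara" output described in the thread. With escape_first=False the
    # bound parameter needs no escaping and the name round-trips unchanged.
    value = mysql_style_escape(name) if escape_first else name
    cur = conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                       (value, "ryan@example.com", hash_password("irrelevant")))
    rowid = cur.lastrowid
    return conn.execute("SELECT user_name FROM users WHERE rowid = ?", (rowid,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("concatenated, payload + 'hello':", login_concatenated(db, injection_payload(), "hello"))
    print("parameterized, payload + 'hello':", login_parameterized(db, injection_payload(), "hello"))
    print("escaped then bound:", store_and_read_back(db, "Ryan O'Hara", escape_first=True))
    print("bound only:", store_and_read_back(db, "Ryan O'Hara", escape_first=False))
```

The attacker never needs the real admin hash: the UNION row carries the hash of a password they picked, and the application's own comparison then approves it. Binding the parameter fixes that, and it also removes the need for input-time escaping, which is what leaves the backslashes in stored names.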
