What kind of SQL injections do you know? | ansaurus

tags:

views:

144

answers:

4

+1 Q:

What kind of SQL injections do you know?

I'll provide a simple one here:

$query = "select id from accounts where email='$_POST[email]' and psw='$_POST[password]'";
$result = mysql_query($query,$con);
if($row = mysql_fetch_assoc($result))
    return true;
else
    return false;

If the password is 1' or '1'='1,then will do the trick!

What other tips have you known?

A:

SQL Injection - Forms of Vulnerability

Ben S 2009-12-09 03:57:05

A:

Open Web Application Security Project (OWASP) - SQL Injection Examples

cxfx 2009-12-09 04:03:24

A:

These are other popular forms of SQL Injection Detection and Testing:

Union Query SQL Injection Testing
Blind SQL Injection Testing
Stored Procedure Injection

Testing For SQL Injection

Shankar Ramachandran 2009-12-09 04:06:16

+1 A:

Probably the most popuplar example of SQL injection ( from XKCD):

alt text

MadCoder 2009-12-09 04:32:24

related questions

Backup SQL Schema Only?

Sql to query a dbs scheme

Timer-based event triggers

Sql query, count and group by

Paging SQL Server 2005 Results

SQL 2005 For XML Explicit - Need help formatting

How do I use T-SQL Group By

What all do I need to escape when sending a (My)SQL query?

Split String in SQL

Datatable vs Dataset

ASP.NET MVC "CRUD" Database Sample

Convert HashBytes to VarChar

Best Book for a new Database Developer

What is the best way to avoid SQL injection attacks?

What language do you use for Postgresql triggers and stored procedures?

What is the best way to handle multiple permission types?

How do I index a database field

Swap unique indexed column values in database.

cx_Oracle - what is the best way to iterate over a result set?

cx_Oracle - How do I access Oracle from Python?

Is there a version control system for database structure changes?

How to export data from SQL Server 2005 to MySQL

ASP.NET Site Maps

Decoding T-SQL CAST in C#/VB.net

Flat File Databases in PHP