Let's take the following vulnerable query ($id not being escaped):
SELECT * FROM table WHERE id = $id
Would it be possible in MySQL 5.x to modify some data through an UPDATE statement which would appear inside the hacked SELECT statement?
I thought about something using benchmark() function:
SELECT * FROM table WHERE id = id OR benchmark(1, (UPDATE ...))
But it doesn't seem to work:
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE ...
Any other possibilities not using stored procedure?