Successful SQL Injection despite PHP Magic Quotes | ansaurus

tags:

views:

414

answers:

1

Q:

Successful SQL Injection despite PHP Magic Quotes

I have always read that Magic Quotes do not stop SQL Injections at all but I am not able to understand why not! As an example, let's say we have the following query:

SELECT * FROM tablename
  WHERE email='$x';

Now, if the user input makes $x=' OR 1=1 --, the query would be:

SELECT * FROM tablename
  WHERE email='\' OR 1=1 --';

The backslash will be added by Magic Quotes with no damage done whatsoever!

Is there a way that I am not seeing where the user can bypass the Magic Quote insertions here?

+2 A:

The trick is usually to pass a binary value so that the backslash would become a part of valid multibyte character. Here is a blog post about it.

newtover 2010-04-29 12:24:43

related questions

Remove Quotes and Commas from a String in MySQL

What's the best way of converting a mysql database to a sqlite one?

How do you manage databases in development, test, and production?

Multiple foreign keys?

Add 1 to a field (MySQL)

Issues using MS Access as a front-end to a MySQL database back-end?

Bigger than a char but smaller than a blob

How do I retrieve my MySQL username and password?

Long-time LAMP Developer moving to VB.NET

How do I Concatenate entire result sets in MySQL?

Full complete MySQL database replication? Ideas? What do people do?

SQL: Distribution of table in time

SQLite vs MySQL

How do I create a new Ruby on Rails application using MySQL instead of SQLite?

Multiple Updates in MySQL

MySQL/Apache Error in PHP MySQL query

What all do I need to escape when sending a (My)SQL query?

Auto Generate Database Diagram MySQL

Mechanisms for tracking DB schema changes

How big can a MySQL database get before performance starts to degrade.

Python and MySQL

SQL Server 2005 implementation of MySQL REPLACE INTO?

How to export data from SQL Server 2005 to MySQL

Throw Error In MySQL Trigger

Binary Data in MySQL