Hi all,

How can I update a table in a MySQL database using SQL injection?

I have heard about how we can enter the query in the address bar and it is possible to update a table in the MySQL database. But I am not sure about it.

Kindly give me an idea, professionals...

+6  A: 

You may want to try entering `Robert'); DROP TABLE students; --` in your form :)

[Image: xkcd cartoon]

In the above xkcd cartoon, Bobby was probably asked to fill in his name in a form, but he mischievously inserted `Robert'); DROP TABLE students; --` as his name. Now imagine if that input was used in this query:

```sql
SELECT * FROM students WHERE name = '$input'
```

As you can see, if we substitute `$input` for what Bobby entered, you'll get this

```sql
SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'
```

Which are two very valid SQL commands, and a comment.

You may also want to research earlier Stack Overflow questions on SQL Injection.

Daniel Vassallo
Is it possible to change it by updating the table by entering the query in the URL? Kindly explain.
Fero
@Fero: Yes it is. For example, if you use the querystring from the URL, and insert it into a `SELECT` statement, as in `SELECT * FROM users WHERE username = '$querystring';` then whatever you pass as the querystring can easily terminate that `SELECT` statement, and execute any other statement, as in the above cartoon.
Daniel Vassallo
Thanks Dany.. Are there any sites or blogs which explain it briefly...
Fero
In the above cartoon, Bobby was probably asked to fill in his name in a form, but he mischievously inserted `Robert'); DROP TABLE students; --`... Now imagine if that input was used in this query: `SELECT * FROM students WHERE name = '$input'`... As you can see, if you substitute `$input` for what Bobby entered, you'll get this: `SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'`, which are two valid SQL commands.
Daniel Vassallo
@Fero: You may want to start with the link that @Piskvor suggested in the above comments. Then I'd recommend going through Stack Overflow.
Daniel Vassallo
Thank you very much, Dany...
Fero
But it's throwing an while I worked with phpMyAdmin
Fero
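
The string-built query from the answer next to a parameterized version, as an added example that is not part of the original thread. It assumes Python's built-in `sqlite3` module with an in-memory database standing in for MySQL; the helper names and the sample rows are constructed for illustration.

```python
import sqlite3

BOBBY = "Robert'); DROP TABLE students; --"  # the input quoted in the answer

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO students (name) VALUES (?)",
                     [("Robert",), ("O'Brien",)])
    return conn

def build_unsafe_sql(user_input):
    """String-built query, the pattern shown in the answer."""
    return "SELECT * FROM students WHERE name = '" + user_input + "'"

def lookup_unsafe(conn, user_input):
    """Returns (rows, error). The input is parsed as part of the SQL text."""
    try:
        return conn.execute(build_unsafe_sql(user_input)).fetchall(), None
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return None, str(exc)

def lookup_safe(conn, user_input):
    """Bound parameter: the input is passed as a value, never parsed as SQL."""
    cur = conn.execute("SELECT * FROM students WHERE name = ?", (user_input,))
    return cur.fetchall()

def table_exists(conn, table):
    cur = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,))
    return cur.fetchone()[0] == 1

if __name__ == "__main__":
    conn = make_db()
    print(build_unsafe_sql(BOBBY))         # quote in the input ends the literal
    print(lookup_unsafe(conn, BOBBY))      # input reached the SQL parser
    print(lookup_unsafe(conn, "O'Brien"))  # a legitimate name breaks it too
    print(lookup_safe(conn, "O'Brien"))    # found as plain data
    # Stored and retrieved as an ordinary string when bound as a parameter.
    conn.execute("INSERT INTO students (name) VALUES (?)", (BOBBY,))
    print(lookup_safe(conn, BOBBY))
    print(table_exists(conn, "students"))
```

With MySQL the same separation of query text and data comes from the client library's prepared statements or bound parameters.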