SQL
Egor, 2021-03-26 15:01:38

How to do SQL injection on MY server?

I decided to learn how to protect myself from SQL injections.
I immediately tried to test it on my server. There is a query that gets a user from the database by his id:

SELECT * FROM `users` WHERE `id` = '{$_POST['id']}'

If you substitute id 1, you get:

SELECT * FROM `users` WHERE `id` = '1'

How can you perform a SQL injection by getting a user with id 2 as well?


1 answer(s)
ayazer, 2021-03-26
@KenKup11

If id is equal to "1' or `id`='2" then you will get
SELECT * FROM `users` WHERE `id` = '1' or `id`='2'
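
Since the question is about protection, here is the query from the question beside a validated, parameterized version, both run against the value from the answer. This is an added example, not code from either poster; the in-memory SQLite database (standing in for the MySQL server), the sample rows and the function names `findUserUnsafe` and `findUserSafe` are assumptions made so that it runs stand-alone.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the real server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `users` (`id` INTEGER PRIMARY KEY, `name` TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO `users` (`id`, `name`) VALUES (1, 'alice'), (2, 'bob')");

// Vulnerable: the request value becomes part of the SQL text, as in the
// question, so a quote inside the value ends the string literal early.
function findUserUnsafe(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM `users` WHERE `id` = '{$id}'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: check that the value is an integer, then send it as a bound
// parameter. The SQL text is fixed; the value travels separately as data.
function findUserSafe(PDO $pdo, string $id): array
{
    $validated = filter_var($id, FILTER_VALIDATE_INT);
    if ($validated === false) {
        return []; // not an integer: refuse instead of querying
    }
    $stmt = $pdo->prepare('SELECT * FROM `users` WHERE `id` = :id');
    $stmt->bindValue(':id', $validated, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In the real handler $id would come from $_POST['id'].
$inputs = [
    'id 1'               => '1',
    'value from answer'  => "1' or `id`='2",
];

foreach ($inputs as $label => $id) {
    printf(
        "%-18s unsafe: %d row(s), safe: %d row(s)\n",
        $label,
        count(findUserUnsafe($pdo, $id)),
        count(findUserSafe($pdo, $id))
    );
}
```

Comparing the row counts for the two inputs shows whether a function treats the request value as SQL or as data.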
