Is SQL query vulnerable to SQL injection?
Does the \" escaping method secure the query from SQL injection or not?
// $login is interpolated straight into the SQL text. The \" is a PHP-level
// escape only: the SQL the server receives contains a bare " around $login.
if( $accounts = $this->mysqli->query("SELECT * FROM `".DB_DB."`.`staff` WHERE `login`=\"$login\"") )
{
    $row_cnt = $accounts->num_rows;
    if( $row_cnt != NULL )
    {
        // Only the first row is ever examined: both branches return.
        while($row = $accounts->fetch_assoc())
        {
            if( strcmp( $row['password'] , md5($pass) ) == 0)
            {
                $this->group = $row['group'];
                return true;
            }
            else
                return false;
        }
        $accounts->close(); // unreachable, the loop above always returns
    }
    else
        return false;
}
else
    return false;
No. You need to make sure that nothing inside the quotes can break the query, i.e. in order to escape all quotes inside the quotes around the variable, you must also take care of escaping the slashes. If this is done, the query will be safe without placeholders.
It depends on where the $login variable comes from and whether it is pre-processed somehow. If you want a guaranteed safe query, use placeholders. If for some reason you cannot use them, then escape all variables coming into the query from outside.
Use prepared statements and get rid of many SQL injection questions at once. Look up more than one article (discussion) on prepared statements (MySQLi || PDO) and off you go.
This particular query is vulnerable because of the quotes.
I advise you to keep checking the site with sqlmap or other tools to find possible SQLi. Alternatively, you can do it online with pentest-tools or METASCAN.
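The query from the question next to the two fixes the answers mention (escaping, and placeholders), as an added example that is not code from the original question or from any of the answers. Assumed here: DB_DB is 'app', $mysqli in the hardened variants is an already-open mysqli connection built against mysqlnd (so get_result() exists), and the $payload value is constructed for the demonstration. The vulnerable variant returns the SQL text instead of executing it, so the effect of the \" becomes visible without a database.

```php
<?php
// Added example, not from the original question or any of the answers.
// Assumptions: DB_DB is 'app'; $mysqli (used only in the hardened
// variants) is an already-open mysqli connection with mysqlnd, so
// get_result() is available; the $payload value is constructed here.

const DB_DB = 'app';

// Same concatenation as the original code, but returned as text instead
// of executed, so the effect of $login on the SQL is visible. The \" is
// a PHP escape: the SQL string receives a plain " around $login.
function buildVulnerableQuery(string $login): string
{
    return "SELECT * FROM `" . DB_DB . "`.`staff` WHERE `login`=\"$login\"";
}

// The escaping route from the answers: real_escape_string() backslash-
// escapes ", ', \ and NUL for the connection's charset, so a quote in
// $login can no longer close the literal. This only works because the
// value is placed inside quotes in the query text.
function buildEscapedQuery(mysqli $mysqli, string $login): string
{
    $safe = $mysqli->real_escape_string($login);
    return "SELECT * FROM `" . DB_DB . "`.`staff` WHERE `login`=\"$safe\"";
}

// The placeholder route: a prepared statement. $login is bound to the ?
// as data and is never parsed as SQL, whatever characters it contains.
function findStaffByLogin(mysqli $mysqli, string $login): ?array
{
    $stmt = $mysqli->prepare(
        "SELECT `password`, `group` FROM `" . DB_DB . "`.`staff` WHERE `login` = ?"
    );
    $stmt->bind_param('s', $login);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Constructed inputs: a normal login, and one that closes the string
// literal, appends an always-true condition and comments out the rest
// (MySQL treats "-- " followed by a space as a line comment).
$benign  = 'alice';
$payload = 'alice" OR 1=1 -- ';

echo buildVulnerableQuery($benign), PHP_EOL;
echo buildVulnerableQuery($payload), PHP_EOL;
```

Running the two echo lines shows the quote boundary disappearing: the second query ends in `"alice" OR 1=1 -- "`, which is no longer a comparison against a login. In the original code the md5 comparison still runs against whichever row comes back first, so this particular payload by itself does not log anyone in, but the attacker now controls the WHERE clause and the rest of the statement. Two caveats for the escaping variant: call $mysqli->set_charset() before relying on real_escape_string(), since it escapes according to the connection charset, and remember that it does nothing for values that are not wrapped in quotes (numbers, identifiers). The prepared-statement variant has neither problem, which is why the answers recommend it first.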