PHP
Pavel, 2016-08-26 23:26:58

Is this SQL query vulnerable to SQL injection?

Does the \" escaping method secure the query from SQL injection or not?

// $login is interpolated straight into the SQL text; the \" only emits a literal quote character
if( $accounts = $this->mysqli->query("SELECT * FROM `".DB_DB."`.`staff` WHERE `login`=\"$login\"") )
{
    $row_cnt = $accounts->num_rows;
    if( $row_cnt != NULL )
    {
        while($row = $accounts->fetch_assoc())
        {
            if( strcmp( $row['password'] , md5($pass) ) == 0)
            {
                $this->group = $row['group'];
                return true;
            }
            else
                return false;
        }
        $accounts->close();
    }
    else
        return false;
}
else
    return false;

6 answers
Rsa97, 2016-08-26
@Rsa97

No. Security is provided by prepared statements with placeholders.

Alexey Nikolaev, 2016-08-27
@Heian

No. You need to make sure there is nothing inside the quotes that breaks the query, i.e. in order to escape all quotes inside the quotes around the variable, you must also provide for escaping the backslashes. If this is done, the query will be safe without placeholders.

SagePtr, 2016-08-27
@SagePtr

Depends on where the $login variable comes from and whether it is preprocessed somehow. If you want a guaranteed safe query, use placeholders. If for some reason you cannot use them, then escape all variables that come into the query from outside.

index0h, 2016-08-27
@index0h

Is SQL query vulnerable to SQL injection?

Yes. Example
Only if you are escaping inline strings. Today this is done through placeholders.

Erling, 2016-08-27
@Erling

Use prepared queries and get rid of many SQL injection questions at once. Look up more than one article (discussion) on prepared statements (MySQLi || PDO) and into battle.
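As an added example (not code from the question or from any of the answers), the question's lookup rerun two ways through PDO against an in-memory SQLite table, with the table, rows and inputs constructed for the demonstration: the interpolated form from the question beside the placeholder form that Rsa97 and Erling recommend.

```php
<?php
// Added example, not code from the question or from any of the answers. It
// reruns the question's lookup two ways against an in-memory SQLite database
// via PDO so it runs offline; the table and rows are constructed here.
// SQLite does not treat "..." as a string literal the way MySQL does by
// default, so the SQL below uses '...'. That changes nothing about the point:
// \" in the question's code is only a PHP escape that emits a quote character,
// and $login itself is interpolated into the SQL text without any escaping.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE staff (login TEXT, password TEXT)");
$db->exec("INSERT INTO staff VALUES ('admin', '" . md5('secret') . "')");

// 1. Interpolation, as in the question: the value becomes part of the SQL text.
function countByInterpolation(PDO $db, string $login): int
{
    $sql = "SELECT * FROM staff WHERE login='$login'";
    echo "SQL sent: $sql\n";
    return count($db->query($sql)->fetchAll());
}

// 2. Placeholder, as Rsa97 and Erling recommend: the SQL text is fixed and the
//    value travels separately, so it can only ever be compared as a login.
function countByPlaceholder(PDO $db, string $login): int
{
    $stmt = $db->prepare("SELECT * FROM staff WHERE login = ?");
    $stmt->execute([$login]);
    return count($stmt->fetchAll());
}

$inputs = [
    'admin',          // ordinary login
    "' OR '1'='1",    // constructed input: ends the literal and makes the WHERE clause always true
];
foreach ($inputs as $login) {
    printf("interpolation: %d row(s)\n", countByInterpolation($db, $login));
    printf("placeholder:   %d row(s)\n", countByPlaceholder($db, $login));
}
```

With the interpolated query the second input matches every row, while the placeholder version looks it up as a literal login and matches nothing.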

Anonymous Anonimov, 2019-01-15
@dmitry_meta

This particular query is vulnerable because of the quotes.
I also advise you to check the site with sqlmap or other tools to find possible SQLi. Alternatively, you can do it online with pentest-tools or METASCAN.
