SQL INJECTION and two queries

So, I read an article about SQL injection and an example appeared:

SELECT * FROM table_name WHERE smth = 'x'; 
UPDATE table_name SET smth ='smth@email.addr' WHERE user = 'admin';

Why is this not working? Or is this an old article, and today is the same nonsense? So how do hackers upgrade mysql? Thanks.

+3
5 answers

Most sites currently use parameterized SQL — not embedded SQL. The situation would have happened if, for example, embedded SQL was analyzed, similar to the following:

Unparameterized Pseudo

string sql = "SELECT * FROM table_name WHERE smth='" + UserInput + "'";
ExecuteSql(sql);

... where UserInput defines the element on the website.

Instead of adding valid data to the UserInput field, you add

UserInput = '';DROP table_name;

... you are actually adding new logic to the end of the request, which leads to malicious use of the system.

SQL-, , .

UserInput , , .


Adapter proc;
proc.StoredProcedure = "GetUserNames";
proc.AddParameter("@USER", UserInput);
proc.Execute();

... @USER "'\; DROP table_name;", SQL ol.

+2


, sql- .

SQL- , .

0

SQL- :


select * from animals where name = '$[what the user typed in]';


select * from animals where name = 'sheep';

, : `sheep '; ? , , :

select * from animals where name = 'sheep'; drop table animals;


, , - , , SQL, .

0

DB 101 SQL-, . - , , SQL. - , , , SQL .

0

SQL- , "", . , PHP script, - :

<?php
$smth_value = $_POST["smth"];  // some form field
$smth_user  = $_POST["user"];  // some other form field
$smth_email = $_POST["email"]; // yet another form field

$sql1 = "SELECT * FROM table_name WHERE smth = '".$smth_value."'";
$sql2 = "UPDATE table_name SET smth ='".$smth_email."' WHERE user = '".$smth_user."'";

mysql_query($sql1);
mysql_query($sql2);
?>

( - ), "" SQL , SQL , SQL , . , - "smth" - :

';DELETE FROM table_name WHERE 1=1 OR smth='

$sql1 :

SELECT * FROM table_name WHERE smth = '';DELETE FROM table_name WHERE 1=1 OR smth=''

... table_name.

PHP, mysql_escape_string, . , , . , . , .

0
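An added example (not from the question or any answer above) that reproduces the last answer's scenario in Python with an in-memory SQLite database as a stand-in for MySQL. It uses the payload quoted in that answer for the "smth" field and contrasts three cases: string concatenation with a driver call that refuses stacked statements (sqlite3's execute(), like PHP's mysql_query(), runs only one statement per call, which is why the two-query example in the question fails), the same concatenation with a call that does run stacked statements (executescript(), mimicking a multi-statement driver), and a parameterized query, where the payload is bound as a plain value. The table and rows are constructed sample data.

```python
import sqlite3

# Constructed sample rows standing in for the page's table_name.
ROWS = [("alice", "a@example.com"), ("bob", "b@example.com")]

# The "smth" field payload quoted in the last answer above.
PAYLOAD = "';DELETE FROM table_name WHERE 1=1 OR smth='"


def fresh_db():
    """New in-memory database with the sample rows loaded."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table_name (user TEXT, smth TEXT)")
    conn.executemany("INSERT INTO table_name VALUES (?, ?)", ROWS)
    return conn


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM table_name").fetchone()[0]


def concat_single_statement(conn, smth):
    """String concatenation, but the driver refuses stacked statements
    (sqlite3.execute, like mysql_query, runs one statement per call)."""
    sql = "SELECT * FROM table_name WHERE smth = '" + smth + "'"
    try:
        conn.execute(sql)
        return "executed"
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        # "You can only execute one statement at a time."
        return "rejected"


def concat_stacked(conn, smth):
    """Same concatenation with a driver call that runs stacked statements:
    the injected DELETE runs after the SELECT. Returns remaining row count."""
    sql = "SELECT * FROM table_name WHERE smth = '" + smth + "'"
    conn.executescript(sql)
    return row_count(conn)


def parameterized(conn, smth):
    """Placeholder binding: the payload is only ever compared as a value.
    Returns (matching rows, remaining row count)."""
    rows = conn.execute("SELECT * FROM table_name WHERE smth = ?", (smth,)).fetchall()
    return rows, row_count(conn)


if __name__ == "__main__":
    print(concat_single_statement(fresh_db(), PAYLOAD))  # rejected
    print(concat_stacked(fresh_db(), PAYLOAD))           # 0
    print(parameterized(fresh_db(), PAYLOAD))            # ([], 2)
```

The single-statement limit only blocks stacked queries; a payload that stays inside the SELECT (such as the `sheep'; ...` pattern discussed above) still changes the WHERE clause, so binding parameters is the fix, not relying on the driver.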

Source: https://habr.com/ru/post/1730059/