en:entwickler:sql-injektion, revisions compared: 2015/11/04 23:22 (created, thomas-rcv) and 2016/12/03 15:13 (current, typos, ximex)
Now I substitute the contents of the variable into the statement:
  SELECT COUNT(*) FROM adm_users WHERE usr_loginname = 'fasse' --' AND usr_password = ' '
The apostrophe directly after "fasse" closes the string literal holding my login name in the SQL statement, and the two dashes turn everything after it into a comment, so the password comparison is never evaluated. The statement therefore returns COUNT = 1 and reports that valid login data was found, although I never entered a valid password.
  
PHP has the configuration setting magic_quotes_gpc, which is enabled in a default XAMPP installation. It places a backslash in front of every quotation mark in all request variables ($_POST, $_GET, ...). If this setting is not enabled, Admidio (since version 1.5) performs the same escaping itself with the function addslashes(). A call to the prepareSQL function is therefore no longer necessary, and the function will soon be removed. Note that magic_quotes_gpc was deprecated in PHP 5.3 and removed in PHP 5.4, so on PHP 5.4 and later the setting is never active and Admidio's own addslashes() escaping is what applies.
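The truncation attack described above and the two ways of defusing it (escaping the quote, or keeping values out of the statement text with bind parameters), as an added example that is not part of the Admidio wiki or its code. It uses Python's sqlite3 module so that it runs offline; the adm_users table, the two sample users and the payload strings are constructed for the demonstration. Because SQLite does not treat a backslash as an escape character, the dialect-correct escape shown here doubles the quote, which is what addslashes() achieves for MySQL's backslash escaping; the bind-parameter variant needs no escaping at all.

```python
import sqlite3

# Constructed sample data, not from Admidio: two users with known passwords.
SAMPLE_USERS = [("fasse", "correct-horse"), ("ximex", "battery-staple")]

# The login name from the page's example: the quote closes the literal and the
# comment marker truncates the statement. The second payload additionally makes
# the WHERE clause true for every row.
PAYLOAD_COMMENT = "fasse' --"
PAYLOAD_OR = "x' OR 1=1 --"


def setup_db():
    """In-memory SQLite database with a table shaped like the page's adm_users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE adm_users (usr_loginname TEXT, usr_password TEXT)")
    conn.executemany("INSERT INTO adm_users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def count_vulnerable(conn, loginname, password):
    """String concatenation, as in the page's example: user input becomes SQL syntax."""
    sql = ("SELECT COUNT(*) FROM adm_users WHERE usr_loginname = '" + loginname
           + "' AND usr_password = '" + password + "'")
    return conn.execute(sql).fetchone()[0]


def escape_sqlite(value):
    """Dialect-specific escaping: SQLite (like standard SQL) doubles single quotes.
    This is the SQLite counterpart of what addslashes() does for MySQL; SQLite
    does not treat a backslash as an escape character, so addslashes() output
    would not be safe here."""
    return value.replace("'", "''")


def count_escaped(conn, loginname, password):
    """Still concatenation, but every value is escaped for this DBMS's dialect."""
    sql = ("SELECT COUNT(*) FROM adm_users WHERE usr_loginname = '" + escape_sqlite(loginname)
           + "' AND usr_password = '" + escape_sqlite(password) + "'")
    return conn.execute(sql).fetchone()[0]


def count_parameterized(conn, loginname, password):
    """Bind parameters: the statement text is fixed, values can never become syntax."""
    sql = "SELECT COUNT(*) FROM adm_users WHERE usr_loginname = ? AND usr_password = ?"
    return conn.execute(sql, (loginname, password)).fetchone()[0]


def demo():
    """Returns {case: (vulnerable, escaped, parameterized)} row counts.

    Both injection payloads are sent with an empty password; a count above zero
    means the login check would have been passed without a valid password."""
    conn = setup_db()
    results = {}
    for case, payload in (("comment", PAYLOAD_COMMENT), ("or", PAYLOAD_OR)):
        results[case] = (
            count_vulnerable(conn, payload, ""),
            count_escaped(conn, payload, ""),
            count_parameterized(conn, payload, ""),
        )
    # A legitimate login with the correct password must still succeed everywhere.
    results["legit"] = (
        count_vulnerable(conn, "fasse", "correct-horse"),
        count_escaped(conn, "fasse", "correct-horse"),
        count_parameterized(conn, "fasse", "correct-horse"),
    )
    return results


if __name__ == "__main__":
    for case, counts in demo().items():
        print(f"{case:8s} vulnerable={counts[0]} escaped={counts[1]} parameterized={counts[2]}")
```

Run stand-alone, the "comment" case shows the concatenated statement counting 1 row with no password at all, the "or" case shows it counting every user, and both escaped and parameterized variants count 0 for the payloads while still counting 1 for the genuine login.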
  
  • en/entwickler/sql-injektion.txt
  • Last modified: 2016/12/03 15:13
  • by ximex