Differences

en:entwickler:sql-injektion [2015/11/04 23:22]
thomas-rcv created
en:entwickler:sql-injektion [2016/12/03 15:13] (current)
ximex typos
Line 14: Line 14:
 Now I put the contents of the variable in: Now I put the contents of the variable in:
   SELECT COUNT(*) FROM adm_users WHERE usr_loginname = '​fasse'​ --' AND usr_password = ' '   SELECT COUNT(*) FROM adm_users WHERE usr_loginname = '​fasse'​ --' AND usr_password = ' '
-Through my apostrophe right behind "​fasse"​ I finish my name in the SQL statement and commited by the two lines, that everything after that is a comment . Thus the statement will return i COUNT = 1 and have reportedly found valid login data, although I didnĀ“t ​have entered a valid password.+Through my apostrophe right behind "​fasse"​ I finish my name in the SQL statement and commited by the two lines, that everything after that is a comment . Thus the statement will return i COUNT = 1 and have reportedly found valid login data, although I didn'​t ​have entered a valid password.
  
 In PHP there is the parameter magic_quotes_gpc,​ which is activated in the default XAMPP. This is for all transfer variables ($ _POST, $ _GET ...) the backslash before each quotation mark. If this parameter is not activated, it will be rescheduled from Admidio since version 1.5 using the function addslashes(). A call to the prepareSQL function is therefore no longer necessary and the function is then also soon to be removed. In PHP there is the parameter magic_quotes_gpc,​ which is activated in the default XAMPP. This is for all transfer variables ($ _POST, $ _GET ...) the backslash before each quotation mark. If this parameter is not activated, it will be rescheduled from Admidio since version 1.5 using the function addslashes(). A call to the prepareSQL function is therefore no longer necessary and the function is then also soon to be removed.
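Review bot: the "+" line fixes only the mis-encoded apostrophe in "didn't"; the same sentence still carries the grammar problems of the old revision, so this is a good place to fix them too: "commited by the two lines, that everything after that is a comment" should read "and the two dashes (`--`) turn everything after them into a comment", and "will return i COUNT = 1" should read "will return COUNT = 1". In the unchanged paragraph that follows, the text presents magic_quotes_gpc / addslashes() as the protection; a short sentence that this only escapes the quote character in the example above, and that parameterised queries are the robust defence, would stop readers taking escaping as the complete fix.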
  