0 votes
2 views
in SQL by (6.1k points)

Is SQL injection still possible when using the mysql_real_escape_string() function?

Consider this sample situation. SQL is constructed in PHP like below:

$login = mysql_real_escape_string(GetFromPost('login'));
$password = mysql_real_escape_string(GetFromPost('password'));

$sql = "SELECT * FROM table WHERE login='$login' AND password='$password'";

Some people told me that code like that is still dangerous and can be hacked even with the mysql_real_escape_string() function used, although I cannot think of any possible exploit.

Classic injections like this:

aaa' OR 1=1 --

also do not work.

Does anybody know any possible injection that would get through the PHP code above?

1 Answer

0 votes
by (12.7k points)

Consider the query below:

$iId = mysql_real_escape_string("1 OR 1=1");    
$sSql = "SELECT * FROM table WHERE id = $iId";

mysql_real_escape_string() will not defend you against this. The fact that you use single quotes (' ') around your variables inside your query is what defends you against this. The following is also an option:

$iId = (int)"1 OR 1=1";
$sSql = "SELECT * FROM table WHERE id = $iId";
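
An added example (not part of the original answer) that runs the answer's two snippets next to a prepared statement and counts the rows each returns. It assumes PHP 7+ with the pdo_sqlite extension; escape_like_mysql() is a hypothetical stand-in for mysql_real_escape_string(), and the users table and helper names are constructed.

```php
<?php
// Added example. SQLite in memory via PDO, so it runs offline; table, rows and names are constructed.

// Stand-in for mysql_real_escape_string() (removed in PHP 7.0): backslash-escapes
// the same characters. They only matter inside a quoted string literal.
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT)');
    $db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
    return $db;
}

// The answer's first pattern: escaped but unquoted, so the input is parsed as SQL.
function rows_unquoted(PDO $db, string $input): int
{
    $id = escape_like_mysql($input);
    return count($db->query("SELECT * FROM users WHERE id = $id")->fetchAll());
}

// The answer's second pattern: the (int) cast keeps only the leading integer.
function rows_int_cast(PDO $db, string $input): int
{
    $id = (int)$input;
    return count($db->query("SELECT * FROM users WHERE id = $id")->fetchAll());
}

// Prepared statement: the input is bound as a value and never parsed as SQL.
function rows_prepared(PDO $db, string $input): int
{
    $stmt = $db->prepare('SELECT * FROM users WHERE id = ?');
    $stmt->execute([$input]);
    return count($stmt->fetchAll());
}

$db = make_db();
$input = '1 OR 1=1'; // the value used in the answer
printf("after escaping: %s\n", escape_like_mysql($input));
printf("unquoted: %d row(s)\n", rows_unquoted($db, $input));
printf("int cast: %d, prepared: %d row(s)\n", rows_int_cast($db, $input), rows_prepared($db, $input));
```

The unquoted query executes as `WHERE id = 1 OR 1=1` and matches every row, because the input contains none of the characters the escaping function touches. The cast and the bound parameter both keep the input from widening the WHERE clause.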
