SQL Injection
SQL Injection
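// Login query. The vulnerable original (the two payloads below target it)
// concatenated $_POST['username'] and $_POST['password'] straight into the
// SQL text:
//   $sql = "SELECT * FROM user WHERE username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "'";
// A quote character in either value ends the string literal and the rest of
// the input is parsed as SQL. Bound parameters send the values separately from
// the statement text, so they can never change its structure.
$sql = "SELECT * FROM user WHERE username = ? AND password = ?";
// $pdo: an open PDO connection — assumed to exist, not shown on this page.
$stmt = $pdo->prepare($sql);
$stmt->execute([$_POST['username'], $_POST['password']]);
// NOTE(review): matching the submitted password inside the query implies the
// password column is stored in clear text; select the stored hash by username
// and check it with password_verify() instead.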
?username=admin%27+-- (admin' --)
?username=?username=admin%27+OR+%27a%27%3D%27b (admin' OR 'A'='A)
Use the database subsystem's specialized method for quoting/escaping (parameterized queries, which keep user input out of the SQL text altogether, are the preferred fix):
mysql_escape_string() (deprecated; removed together with the mysql extension in PHP 7 — use mysqli/PDO prepared statements)
pg_escape_string()
<dbms>_escape_string()
addslashes() // last resort: not database-aware, so do not rely on it