Linked Questions
1,993 questions linked to/from SQL injection that gets around mysql_real_escape_string()
7 votes, 1 answer, 5k views
Is mysql_real_escape_string is really safe to use? [duplicate]
OK, I have one question before I start coding MySQL in my school project. Is mysql_real_escape_string really safe to use? I've heard that it's still not really safe to use. So are there any tweaks ...
10 votes, 1 answer, 3k views
How can mysqli_real_escape_string fail to prevent a SQL injection? [duplicate]
First of all, I get that people want to use stored procedures so that they reuse queries and have the escaping taken care of. However, I have read many developers say that mysqli_real_escape_string ...
1 vote, 1 answer, 2k views
Mysqli_real_escape_string with Single Quotes - Is it Safe? [duplicate]
So I know that using prepared statements with placeholders is pretty much the only way to protect yourself from SQL injection due to poor formatting of your queries. However, I also see many people ...
3 votes, 0 answers, 2k views
Multibyte SQL injection [duplicate]
This is such an often-discussed issue, I know, but I've recently found this vulnerability and I'm testing whether I'm resistant to such an injection; however, I'm not able to simulate that behavior. ...
0 votes, 0 answers, 2k views
Is mysqli_real_escape_string enough to prevent SQL injection? [duplicate]
I have the following php script to insert a form user input data into the database. Is mysqli_real_escape_string enough to prevent SQL injection if I don't wish to use prepared statements to bind ...
-2 votes, 2 answers, 446 views
Someone has dropped a table in my database. How? [duplicate]
In my php scripts ALL input are "filtered" with mysqli_real_escape_string in this way:
$categoryid = mysqli_real_escape_string($link, $_GET['id']);
$query = "SELECT categories.id AS cid, categories....
5 votes, 0 answers, 260 views
How to SQL inject when mysql_real_escape_string is used [duplicate]
This was marked as a duplicate, but I don't think that is a fair judgement. Again the question is being passed off with an easy answer... but it isn't the correct answer. If the "duplicate" answer is ...
-3 votes, 2 answers, 465 views
Is using is_string() a good defense against SQL Injection? [duplicate]
I was trying to look for mitigation of SQL Injection against my web application based on PHP and MySQL. The first rule is to sanitize the query; Hence I am using mysql_real_escape_string() function ...
-1 votes, 2 answers, 149 views
Is there any way to SQL inject in my code? [duplicate]
I'm not familiar with sql injection and I wanna know if there is any invulnerability in my script, if there is please point it out and give me some tip to fix it.
<?php
include("config.php");
?>...
0 votes, 0 answers, 70 views
Is this function enough for preventing SQL Injection? [duplicate]
I created this simple function and want to know that if it is enough for preventing SQL Injection.
$sub_username = encr(mysqli_real_escape_string($conn, $_POST['username']));
$sub_password = encr(...
0 votes, 0 answers, 33 views
Why would an extra backslash get added to php form input? [duplicate]
I have a server on the Internet running PHP 7.4.33 with WordPress includes to show the correct interface and a test server on Win10 using XAMPP running PHP 7.4.27 without any WordPress includes.
I put ...
0 votes, 0 answers, 35 views
How deeply to test SQL injection vulnerability [duplicate]
Imagine the following situation:
I know (I can see) in the code that before querying the DB using an input field parameter, there is a function which escapes all chars. Pseudo code:
escape_all_chars(...
0 votes, 0 answers, 23 views
Bypassing escaping string and prepared statements in php [duplicate]
I'm working on my bachelor thesis about security of sql databases. I was using sqlmap to check vulnerable sql queries. Is there up to date sql injection that can bypass escaping string done with ...
2769 votes, 27 answers, 2.2m views
How can I prevent SQL injection in PHP?
If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example:
$unsafe_variable = $_POST['user_input'];
...
1291 votes, 39 answers, 286k views
Reference - What does this error mean in PHP?
What is this?
This is a number of answers about warnings, errors, and notices you might encounter while programming PHP and have no clue how to fix them. This is also a Community Wiki, so everyone is ...