SQL injection that gets around mysql real escape string

0 votes

Is there an SQL injection possibility even when using mysql_real_escape_string() function?

Consider this sample situation. SQL is constructed in PHP like this:

$login = mysql_real_escape_string(GetFromPost('login'));
$password = mysql_real_escape_string(GetFromPost('password'));

$sql = "SELECT * FROM table WHERE login='$login' AND password='$password'";

I have heard numerous people say to me that code like that is still dangerous and possible to hack even with mysql_real_escape_string() function used. But I cannot think of any possible exploit?

Classic injections like this:

aaa' OR 1=1 --

do not work.

Do you know of any possible injection that would get through the PHP code above?

Apr 9, 2020 in PHP by kartik
• 37,520 points
4,015 views

1 answer to this question.

0 votes

Hello @kartik,

Consider the following query:

$iId = mysql_real_escape_string("1 OR 1=1");    
$sSql = "SELECT * FROM table WHERE id = $iId";

mysql_real_escape_string() will not protect you against this. The fact that you use single quotes (' ') around your variables inside your query is what protects you against this. The following is also an option:

$iId = (int)"1 OR 1=1";
$sSql = "SELECT * FROM table WHERE id = $iId";
answered Apr 9, 2020 by Niroj
• 82,840 points

Related Questions In PHP

0 votes
0 answers

How to have SQL injection when using php function?

I'm having sql query as $login = mysql_real_escape_string(GetFromPost('login')); $password ...READ MORE

Sep 23, 2020 in PHP by Rohan
• 120 points
971 views
0 votes
0 answers

How can I prevent SQL injection in PHP?

The programme  becomes vulnerable to SQL injection ...READ MORE

Jul 28, 2022 in PHP by Kithuzzz
• 38,000 points
441 views
0 votes
2 answers

Define a SQL query? What is the difference between SELECT and UPDATE Query? How do you use SQL in SAS?

HI.. SQL is Structured Query Language, which is ...READ MORE

answered Aug 8, 2020 in PHP by anonymous
10,540 views
0 votes
1 answer

How to put an 'if clause' in an SQL string?

Hello @kartik, For your specific query, you can ...READ MORE

answered Jun 1, 2020 in PHP by Niroj
• 82,840 points
953 views
+1 vote
1 answer

How to make anchor tag with routing using Laravel?

Hey @kartik, First you have to go to ...READ MORE

answered Mar 18, 2020 in Laravel by Niroj
• 82,840 points
23,012 views
0 votes
1 answer

What is redirection in Laravel?

Named route is used to give specific ...READ MORE

answered Mar 18, 2020 in Laravel by Niroj
• 82,840 points
2,995 views
0 votes
1 answer

How to install Laravel via composer?

Hello, This is simple you just need to ...READ MORE

answered Mar 23, 2020 in Laravel by Niroj
• 82,840 points
2,918 views
+1 vote
1 answer

What are named routes in Laravel and How can specify route names for controller actions?

Hey @kartik, Named routing is another amazing feature of ...READ MORE

answered Mar 23, 2020 in Laravel by Niroj
• 82,840 points
44,691 views
0 votes
1 answer

Error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TYPE=MyISAM' at line 9

Hello @kartik, Replace TYPE=MyISAM with ENGINE=MyISAM The problem was "TYPE=MyISAM" which should ...READ MORE

answered Nov 16, 2020 in PHP by Niroj
• 82,840 points
11,322 views
0 votes
1 answer

Connection with MySQL server using PHP. How can we do that?

Hey @kartik, You have to provide MySQL hostname, ...READ MORE

answered Mar 27, 2020 in PHP by Niroj
• 82,840 points
1,295 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP