I have posted about this before but never in this regard so please take a look:
I was told one way to do SQL injection was to use 1=1, where someone can see all entries that don't belong to them.
But let's say I structure my query so that it also selects the user_id of the current user; would that work?
$userid = Current users stored id in database;
$postid = mysql_real_escape_string($_GET['id']);
And now let's assume that I enter: domain.com/page.php?id='' OR '1'='1'
Select article_name from table where user_id=$userid and post_id=$postid
Will the query still return everything, or will it not, since I have added the user_id barrier?
mysql_real_escape_string() is for sanitizing strings only. It does NOT protect from SQL injection in integers that are not wrapped in quotes, so your observation is correct: what is shown above is indeed not safe despite mysql_real_escape_string(). You need to either wrap your values in quotes:
or make sure that $userid and $postid are integers before running the query.
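The following is an added example, not code from the question or the answer, that reproduces the point above in Python against an in-memory SQLite table. mysql_real_escape_string() is stood in for by a small escape_string() helper (SQLite doubles a single quote where MySQL backslash-escapes it, but the property that matters is identical: escaping only helps when the value ends up inside quotes). The sample rows and the input "1 OR 1=1" are constructed; that input is the unquoted numeric form of the 1=1 trick, which an escaping function leaves untouched because it contains no quote characters. The example also shows why the user_id barrier from the question does not help (AND binds tighter than OR, so the injected OR overrides it) and, going beyond the answer, a bound-parameter version where values never enter the SQL text at all.

```python
import sqlite3

# Constructed sample data (not from the original post): three posts by two users.
ROWS = [(1, 1, "alice post 1"), (2, 1, "alice post 2"), (3, 2, "bob post")]


def fresh_db():
    """Create an in-memory table shaped like the one in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE posts (post_id INTEGER, user_id INTEGER, article_name TEXT)"
    )
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", ROWS)
    return conn


def escape_string(value):
    # Stand-in for mysql_real_escape_string(): neutralises quote characters so the
    # value cannot terminate a string literal. SQLite escapes ' by doubling it
    # (MySQL uses a backslash). A value with no quotes passes through unchanged.
    return str(value).replace("'", "''")


def query_unquoted(conn, userid, postid):
    # The pattern from the question: escaped, but interpolated without quotes.
    # With postid = "1 OR 1=1" the WHERE clause becomes
    #   user_id=2 AND post_id=1 OR 1=1
    # which parses as (user_id=2 AND post_id=1) OR 1=1, i.e. every row.
    sql = (
        "SELECT article_name FROM posts "
        f"WHERE user_id={int(userid)} AND post_id={escape_string(postid)}"
    )
    return sorted(r[0] for r in conn.execute(sql))


def query_quoted(conn, userid, postid):
    # Fix 1 from the answer: wrap the escaped value in quotes. The whole input is
    # now one string literal; SQLite converts '3' to 3 for the INTEGER column and
    # a non-numeric string such as '1 OR 1=1' simply matches nothing.
    sql = (
        "SELECT article_name FROM posts "
        f"WHERE user_id={int(userid)} AND post_id='{escape_string(postid)}'"
    )
    return sorted(r[0] for r in conn.execute(sql))


def query_int_cast(conn, userid, postid):
    # Fix 2 from the answer: make sure the value is an integer before it reaches
    # SQL. int() raises ValueError on anything that is not a plain number, so the
    # request is rejected instead of being interpolated.
    postid = int(postid)
    sql = (
        "SELECT article_name FROM posts "
        f"WHERE user_id={int(userid)} AND post_id={postid}"
    )
    return sorted(r[0] for r in conn.execute(sql))


def query_parameterized(conn, userid, postid):
    # Beyond the answer: bound parameters. The driver sends values separately
    # from the SQL text, so no escaping or quoting decision is needed at all.
    sql = "SELECT article_name FROM posts WHERE user_id=? AND post_id=?"
    return sorted(r[0] for r in conn.execute(sql, (userid, postid)))


def int_cast_rejects(conn, userid, postid):
    """True if the integer-cast variant refuses the input instead of running it."""
    try:
        query_int_cast(conn, userid, postid)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = fresh_db()
    current_user = 2          # stands in for the session's stored user id
    hostile = "1 OR 1=1"      # constructed unquoted-integer input
    print("unquoted:     ", query_unquoted(db, current_user, hostile))
    print("quoted:       ", query_quoted(db, current_user, hostile))
    print("int cast:     ", "rejected" if int_cast_rejects(db, current_user, hostile) else "ran")
    print("parameterized:", query_parameterized(db, current_user, hostile))
    print("legit quoted: ", query_quoted(db, current_user, "3"))
```

Running the script shows the unquoted variant returning all three rows for user 2, including the two that belong to user 1, while the quoted, integer-cast and parameterized variants return nothing or reject the input and still find "bob post" for the legitimate id 3. Note that mysql_real_escape_string() and the rest of the mysql_* functions were removed in PHP 7; the bound-parameter approach (mysqli or PDO prepared statements in PHP) is the replacement.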