Is it possible to have a subquery modifying the database in a SELECT query? The relevant database is a MySQL database.
Some more details:
The relevant query looks like this:
SELECT * FROM table WHERE id = $x
And the variable $x can be replaced with anything. The only restriction is that the query is executed via PHP’s mysql_query(), which prevents the execution of multiple subsequent queries. In that case, modifying the DB would be easy: simply set
$x = "42; DROP TABLE foo;"
EDIT:
mysql_query() only prevents multiple queries in versions of MySQL earlier than 5.0. MySQL 5.0 or later will allow multiple commands separated by ; when using mysql_query(). So, yes, a SQL injection attack is capable of doing whatever commands the login used to connect to the database has permissions to do.
If you connect using admin privileges, the attack could do essentially any possible modification to your database.
For example, say that you concatenate the $email value to the SQL string below:
But let’s say that the $email value contains the string:
You end up with the following statement:
Even if modifications weren’t allowed by the login that you’re using to connect to the database, SQL injection attacks could be used to scrape every bit of data out of your database…
It’s definitely recommended that you protect yourself by using some form of parameterized queries in your client application.
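The parameterized form of the question's query, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the `items` table, the helper names `findById` and `tableExists`, and the sample rows are hypothetical.

```php
<?php
// Added example: "SELECT * FROM table WHERE id = $x" rewritten with a bound parameter.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline.
// With MySQL only the DSN changes (placeholder values):
//   new PDO('mysql:host=HOST;dbname=DBNAME;charset=utf8mb4', USER, PASS)
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data; "items" is a hypothetical table name.
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE foo (id INTEGER PRIMARY KEY)');
$pdo->exec("INSERT INTO items (id, name) VALUES (42, 'widget'), (43, 'gadget')");

function findById(PDO $pdo, string $x): array
{
    // Reject anything that is not a plain integer before touching the database.
    // MySQL would otherwise coerce a string such as "42abc" to 42 in a numeric comparison.
    $id = filter_var($x, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    // The SQL text is fixed; the value travels separately and is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT id, name FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function tableExists(PDO $pdo, string $name): bool
{
    // SQLite-specific catalogue lookup, used only to show that foo survives.
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = :n");
    $stmt->execute([':n' => $name]);
    return (int) $stmt->fetchColumn() === 1;
}

// A normal id, then the value from the question.
foreach (['42', '42; DROP TABLE foo;'] as $x) {
    $rows = findById($pdo, $x);
    printf(
        "%-24s -> %d row(s), foo exists: %s\n",
        json_encode($x),
        count($rows),
        tableExists($pdo, 'foo') ? 'yes' : 'no'
    );
}
```

Connecting with a login that holds only the privileges the application needs limits what any remaining injection could do, which is the permissions point the answer makes.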