Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is this query hackable using sql injection ?
SELECT count(*) FROM mytable_fts where mytable_fts match ?
example
SELECT count(*) FROM mytable_fts where mytable_fts match “a”
I tried using
SELECT count(*) FROM mytable_fts where mytable_fts match "a" OR 1==1
but it didn’t worked as it is going as match parameter.
can any body give example of sql injection on this query ?
SQL injection vulnerability has less to do with the query itself, than with how the query is constructed. If you use query variables instead of string concatenation, you will be OK. If you use string concatenation, then any query with parameters is vulnerable.