Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Possible Duplicate:
What are the best PHP input sanitizing functions?
Let’s say I have a $_GET variable with the name “id”. The $_GET variable is then used in a mysql query to retrieve some data like SELECT text FROM database WHERE id=$_GET['id'];
Would null byte injection in my $_GET variable affect me assuming I’m using common security functions like mysql_real_escape_string(), addslashes(), and strip_tags()?
Probably not, but a much more simple injection would affect you. Try passing this as the GET parameter:
and run it through the query you show above. It will allow injection of arbitrary SQL even when using
mysql_real_escape_string.Contrary to popular belief,
mysql_real_escape_string()will not protect you if your value is not enclosed in quotes.If querying for numeric values, either test whether it’s a number before inserting the value into the string, or put the value into quotes:
addslashesandstrip_tagshave no value at all in this context. They only serve to break data, but they add no security when inserting stuff in a database. Just get rid of them. (strip_tagsmay be appropriate later when you output something on a HTML page.)