Home/ Questions/Q 9244469
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T09:02:26+00:00

So I know the basics of a SQL injection attack, with entries that are

  • 0

So I know the basics of a SQL injection attack, with entries that are not sanitized. So 

SELECT id FROM users WHERE username='$username' AND password='$password'

(Note that $password is hashed) would be defeated with $username=x' or 1=1; --

A friend said that if you throw a \n character into your source code, then you can’t comment the rest of the query out. So if you have 

Select id
from users
where username='$username'
and password='$password'

in php, and then submit it to the query, then even if they tried to comment out the username, it would error because the and password='$password' would still try and be executed.

I tried it, and he seems to be correct. So, my question is, while you should still sanitize your database inputs, does this prevent an attack like this, or is there a way to bypass it still?

I don’t know if it matters, but I’m talking specifically about mysql here.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I toyed around a bit with this, but I don’t see this method of using newlines helping at all. Maybe there’s some differences between different versions of mysql clients, but running PHP with MySQL-ND adding the newlines doesn’t seem to help against sending the username x' OR 1=1 OR ', this doesn’t rely on the -- commenting at all, which effectively defeats the whole purpose of the newline.

    There may be easier and other ways around it as well, but it seems quite easily defeated at least. I would never trust a “clever solution” like this.

    • 0