- -- Sample of a hostile value: the embedded quote closes the intended literal,
- -- a second statement follows, and "--" comments out whatever the application
- -- appended. Binding the value as a parameter keeps all of it inside the literal.
- INSERT INTO `table` (`column`) VALUES('value'); DROP TABLE table;--')
- // Value whitelist
- // $dir can only be 'DESC' otherwise it will be 'ASC'
- // The empty() test is redundant: '' and null already fail the !== 'DESC' test.
- // Because the result is always one of two fixed literals it can be interpolated
- // into ORDER BY directly (keywords and identifiers cannot be bound as parameters).
- if (empty($dir) || $dir !== 'DESC') {
- $dir = 'ASC';
- }
- //Connect
- // NOTE(review): the mysql_* extension was removed in PHP 7.0; this shows the
- // escape-then-interpolate pattern only. mysql_real_escape_string() escapes
- // according to the charset of the open connection, so it must run after the
- // connection is established with the charset the server uses, and the value
- // must be single-quoted in the SQL (as it is here) for escaping to matter.
- $unsafe_variable = $_POST["user-input"];
- $safe_variable = mysql_real_escape_string($unsafe_variable);
- mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
- //Disconnect
- <?php
- $mysqli = new mysqli("server", "username", "password", "database_name");
- // TODO - Check that connection was successful.
- // (test $mysqli->connect_error, or turn driver errors into exceptions with
- // mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) before connecting)
- $unsafe_variable = $_POST["user-input"];
- // Statement text and data are sent separately: the server parses the INSERT
- // before the value arrives, so the content of $unsafe_variable cannot change
- // the statement's structure.
- $stmt = $mysqli->prepare("INSERT INTO table (column) VALUES (?)");
- // TODO check that $stmt creation succeeded
- // (prepare() returns false on failure, so bind_param() would be called on false)
- // "s" means the database expects a string
- $stmt->bind_param("s", $unsafe_variable);
- $stmt->execute();
- $stmt->close();
- $mysqli->close();
- ?>
- // Identifier whitelist for ORDER BY (column names cannot be bound as parameters).
- $orders = array("name","price","qty"); //field names
- // NOTE(review): the extra ')' leaves the next line syntactically invalid as pasted.
- // array_search() returns false for an unknown name; $orders[false] then reads
- // index 0 through bool-to-int key coercion, which is what "first one will be set
- // automatically" relies on. Testing `=== false` explicitly and passing `true` as
- // the third argument (strict comparison) makes the fallback intentional rather
- // than accidental.
- $key = array_search($_GET['sort'],$orders)); // see if we have such a name
- $orderby = $orders[$key]; //if not, first one will be set automatically. smart enuf :)
- $query = "SELECT * FROM `table` ORDER BY $orderby"; //value is safe
- // Named placeholders with PDO. bindValue() copies the value at bind time and
- // sends it as PDO::PARAM_STR unless a type is given; table and column names
- // still cannot be supplied this way.
- $stmt = $conn->prepare("INSERT INTO tbl VALUES(:id, :name)");
- $stmt->bindValue(':id', $id);
- $stmt->bindValue(':name', $name);
- $stmt->execute();
- -- Three equivalent spellings of the string 'root'. The hex-literal and UNHEX()
- -- forms contain no quote character, so a defence that only escapes or strips
- -- quotes does not help where a value is not enclosed in quotes.
- SELECT password FROM users WHERE name = 'root'
- SELECT password FROM users WHERE name = 0x726f6f74
- SELECT password FROM users WHERE name = UNHEX('726f6f74')
- // Escaping an unquoted numeric value achieves nothing: mysql_real_escape_string()
- // only rewrites NUL, \n, \r, \, ', " and Control-Z, and a value such as
- // "1 OR 1=1" contains none of them. Cast to int or bind the value instead.
- "SELECT title FROM article WHERE id = " . mysql_real_escape_string($_GET["id"])
- // Demonstration of what escaping does to two hostile inputs: each ' becomes \'
- // so the value stays inside its quotes in $query_bad / $query_evil.
- $name_bad = "' OR 1'";
- $name_bad = mysql_real_escape_string($name_bad);
- $query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
- // Demo output only: echoing SQL text into a page discloses query structure, and
- // the value is not HTML-escaped (htmlspecialchars) before being emitted.
- echo "Escaped Bad Injection: <br />" . $query_bad . "<br />";
- $name_evil = "'; DELETE FROM customers WHERE 1 or username = '";
- $name_evil = mysql_real_escape_string($name_evil);
- $query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
- echo "Escaped Evil Injection: <br />" . $query_evil;
- // Condensed escape-then-interpolate form. It is only correct because the value
- // is single-quoted in the SQL and the connection charset has been set.
- $safe_variable = mysql_real_escape_string($_POST["user-input"]);
- mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
- // Two cases where mysql_real_escape_string() gives no protection:
- // 1) $offset is interpolated unquoted into LIMIT, so no quote is needed to
- //    alter the statement; cast it with (int) instead.
- $offset = isset($_GET['o']) ? $_GET['o'] : 0;
- $offset = mysql_real_escape_string($offset);
- RunQuery("SELECT userid, username FROM sql_injection_test LIMIT $offset, 10");
- // 2) $order is wrapped in backticks, but the backtick is not among the
- //    characters the function escapes, so the identifier quoting can be closed
- //    early. Identifiers must be checked against a whitelist of column names.
- $order = isset($_GET['o']) ? $_GET['o'] : 'userid';
- $order = mysql_real_escape_string($order);
- RunQuery("SELECT userid, username FROM sql_injection_test ORDER BY `$order`");
- // Classic login-bypass illustration: both fields are concatenated straight from
- // $_POST, and the password is compared in plaintext inside SQL (it should be
- // stored hashed and checked with password_verify() after the row is fetched).
- $query="select * from users where email='".$_POST['email']."' and password='".$_POST['password']."' ";
- // Pseudo-notation: the input is shown unquoted to highlight the quote it contains.
- $_POST['email']= admin@emali.com' OR '1=1
- // Resulting SQL (closing double quote missing as pasted): the injected
- // OR '1=1' - a string MySQL evaluates as true - widens the WHERE clause.
- $query="select * from users where email='admin@emali.com' OR '1=1';
- // Pseudo-code comparing three styles (`$pdoConnection->(` is not valid PHP; the
- // method name is missing). Only the second and third are safe: placeholders are
- // filled by PDO at execute time, whereas the first interpolates raw values.
- $request = $pdoConnection->("INSERT INTO parents (name, addr, city) values ($name, $addr, $city)");
- // Positional placeholders (closing quote and parenthesis missing as pasted).
- $request = $pdoConnection->("INSERT INTO parents (name, addr, city) values (?, ?, ?);
- // Named placeholders.
- $request = $pdoConnection->("INSERT INTO parents (name, addr, city) value (:name, :addr, :city)");
- // Multi-line prepared statement with three positional placeholders.
- $request = $mysqliConnection->prepare('
- SELECT * FROM trainers
- WHERE name = ?
- AND email = ?
- AND last_login > ?');
- // NOTE(review): this call is wrong as written. bind_param()'s first argument is
- // the type string (one letter per placeholder, e.g. 'ssi'), and every following
- // argument is bound by reference, so the literal 'second_param' and the
- // expression `time() - 3600` must be stored in variables first. The statement
- // was also assigned to $request above, not $query.
- $query->bind_param('first_param', 'second_param', $mail, time() - 3600);
- $query->execute();
- // Integer cast: the result can only be digits with an optional minus sign, so it
- // is safe to interpolate even though it ends up quoted as a string here.
- // Non-numeric input silently becomes 0; use filter_var($x, FILTER_VALIDATE_INT)
- // when such input must be rejected instead.
- $unsafe_variable = $_POST['user_id'];
- $safe_variable = (int)$unsafe_variable ;
- mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
- // mysql_escape_string() (deprecated in PHP 5.3, removed in 7.0) ignores the
- // connection charset, which is why mysql_real_escape_string() superseded it.
- SELECT * FROM users WHERE name = '".mysql_escape_string($name_from_html_form)."'
- // LIMIT 1 only caps the number of rows returned; it is not a defence on its own.
- wHERE 1=1 or LIMIT 1
- SELECT * FROM users WHERE name = '".mysql_escape_string($name_from_html_form)."' LIMIT 1
- // Calls into a project-specific DB:: helper (not part of PHP); the array in the
- // second argument carries the bound values. The first two calls are missing their
- // closing quote as pasted.
- $count = DB::column('SELECT COUNT(*) FROM `user`);
- $pairs = DB::pairs('SELECT `id`, `username` FROM `user`);
- $user = DB::row('SELECT * FROM `user` WHERE `id` = ?', array($user_id));
- // NOTE(review): how TRUE is bound (1, '1' or a boolean) depends on the helper - confirm.
- $banned_users = DB::fetch('SELECT * FROM `user` WHERE `banned` = ?', array(TRUE));
- $mysqli = new mysqli( 'host', 'user', 'password', 'database' );
- // set_charset() must be used - not "SET NAMES" via query() - so that the client
- // library knows which connection charset real_escape_string() has to escape for.
- $mysqli->set_charset( 'charset');
- // Escape + quote: correct only because the value is single-quoted in the SQL.
- $string = $mysqli->real_escape_string( $string );
- $mysqli->query( "INSERT INTO table (column) VALUES ('$string')" );
- // Preferred form: bind instead of escape. "is" = first value int, second string.
- $stmt = $mysqli->prepare( "INSERT INTO table ( column1, column2 ) VALUES (?,?)" );
- $stmt->bind_param( "is", $integer, $string );
- $stmt->execute();
- // sprintf() as a typed layer: %s receives the escaped string, %d forces an int.
- $string = "x' OR name LIKE '%John%";
- $integer = '5 OR id != 0';
- $query = sprintf( "SELECT id, email, pass, name FROM members WHERE email ='%s' AND id = %d", $mysqli->real_escape_string( $string ), $integer );
- echo $query;
- // %d converts '5 OR id != 0' to 5 (leading-numeric conversion).
- // NOTE(review): the expected output below shows the quotes inside $string
- // unescaped; real_escape_string() would emit x\' ... \'%John% - the backslashes
- // were probably lost in copying.
- // SELECT id, email, pass, name FROM members WHERE email ='x' OR name LIKE '%John%' AND id = 5
- $integer = '99999999999999999999';
- $query = sprintf( "SELECT id, email, pass, name FROM members WHERE email ='%s' AND id = %d", $mysqli->real_escape_string( $string ), $integer );
- echo $query;
- // Out-of-range numeric strings saturate at PHP_INT_MAX (2147483647 on a 32-bit
- // build, 9223372036854775807 on 64-bit), so %d never yields anything but an integer.
- // SELECT id, email, pass, name FROM members WHERE email ='x' OR name LIKE '%John%' AND id = 2147483647
- // Signature of the procedural escape function, for reference.
- string mysqli_real_escape_string ( mysqli $link , string $escapestr )
- // "1 OR 1=1" contains none of the characters real_escape_string() rewrites, so
- // $iId is returned unchanged and the unquoted comparison becomes `id = 1 OR 1=1`.
- // Numeric inputs need (int) or a bound parameter, not escaping.
- $iId = $mysqli->real_escape_string("1 OR 1=1");
- $mysqli->query("SELECT * FROM table WHERE id = $iId");
- -- Least privilege: give the application account only the statements it needs on
- -- its own schema (no DROP/ALTER, no access to mysql.*). This bounds the damage an
- -- injected statement can do even when a query turns out to be vulnerable.
- -- NOTE: GRANT ... IDENTIFIED BY creates the account on MySQL 5.x; MySQL 8.0
- -- requires CREATE USER first. FLUSH PRIVILEGES is not needed after GRANT.
- GRANT SELECT, INSERT, DELETE ON database TO username@'localhost' IDENTIFIED BY 'password';
- FLUSH PRIVILEGES;
- -- Verify that the account row exists.
- select * from mysql.user where User='username';
- -- Example of a timing-based probe appended with UNION. Two controls on this page
- -- defeat it: a bound parameter keeps the whole value inside a literal instead of
- -- being parsed as SQL, and the least-privilege GRANT above denies the application
- -- account any access to mysql.user.
- [1] UNION SELECT IF(SUBSTRING(Password,1,1)='2',BENCHMARK(100000,SHA1(1)),0) User,Password FROM mysql.user WHERE User = 'root'
- $user = "''1''"; //Malicious keyword
- // PDO (pdo_mysql emulates prepares by default): the driver embeds the quoted
- // value client-side and sends one complete statement, hence the single "Query"
- // entry in the server log below. The column is spelled `userame` in this sample.
- $sql = 'SELECT * FROM awa_user WHERE userame =:username';
- // PDO::ATTR_CURSOR is unrelated to injection safety.
- $sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
- $sth->execute(array(':username' => $user));
- 189 Query SELECT * FROM awa_user WHERE userame ='''1'''
- 189 Quit
- // mysqli: server-side prepare, value sent separately at execute - two log
- // entries. The trailing `)) {` is a stray fragment of an enclosing if().
- $stmt = $mysqli->prepare("SELECT * FROM awa_user WHERE username =?")) {
- // bind_param() binds by reference, which is why assigning $user after the bind
- // (next line) is still what execute() sends.
- $stmt->bind_param("s", $user);
- $user = "''1''";
- $stmt->execute();
- 188 Prepare SELECT * FROM awa_user WHERE username =?
- 188 Execute SELECT * FROM awa_user WHERE username ='''1'''
- 188 Quit
- # Apache mod_rewrite fragment (unrelated to the PHP snippets): any query string
- # containing digits=digits is routed to track.php. The rule validates nothing
- # beyond that pattern, so track.php must still cast or bind what it reads.
- # NOTE(review): the substitution is not a regex, so the leading '^' is literal
- # here - probably a typo for /track.php; confirm.
- RewriteCond %{QUERY_STRING} ([0-9]+)=([0-9]+)
- RewriteRule ^(.*) ^/track.php
- // Oracle (OCI8): same separation of statement and data - :xx is bound by name
- // and $fieldval is never concatenated into the SQL text.
- $conn = oci_connect($username, $password, $connection_string);
- $stmt = oci_parse($conn, 'UPDATE table SET field = :xx WHERE ID = 123');
- // Binds by reference: the value of $fieldval is read when oci_execute() runs.
- oci_bind_by_name($stmt, ':xx', $fieldval);
- oci_execute($stmt);
- // Three filtering strategies, each still assigned to a variable named "unsafe":
- // escaping (valid only once the value is quoted in SQL), a type check, and a
- // numeric check. All three read $_POST['user_input'] without checking it exists.
- $unsafe_variable = mysql_real_escape_string($_POST['user_input']);
- // is_string() constrains the type, not the content - the value still needs
- // binding or escaping before it reaches SQL.
- $unsafe_variable = (is_string($_POST['user_input']) ? $_POST['user_input'] : '');
- // is_numeric() also accepts signs, decimals, exponent notation and leading
- // whitespace, so it does not guarantee a plain integer; prefer (int) or
- // filter_var(..., FILTER_VALIDATE_INT).
- $unsafe_variable = (is_numeric($_POST['user_input']) ? $_POST['user_input'] : '');
- // Idiorm (third-party ORM over PDO): where_equal() sends 'j4mie' as a bound
- // parameter. Table and column names given to for_table()/select()/join() are
- // emitted as identifiers, so they should come from code, never from request input.
- $user = ORM::for_table('user')
- ->where_equal('username', 'j4mie')
- ->find_one();
- $user->first_name = 'Jamie';
- $user->save();
- $tweets = ORM::for_table('tweet')
- ->select('tweet.*')
- ->join('user', array(
- 'user.id', '=', 'tweet.user_id'
- ))
- ->where_equal('user.username', 'j4mie')
- ->find_many();
- foreach ($tweets as $tweet) {
- // Safe from SQL injection is not safe for HTML: pass through htmlspecialchars()
- // if this output is rendered in a page.
- echo $tweet->text;
- }
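/**
 * Build a SQL string by replacing each {n} placeholder in $query with the
 * n-th entry of $args, escaped and quoted for MySQL.
 *
 * Strings are escaped with mysqli_real_escape_string() on the shared $DB_LINK
 * connection and wrapped in single quotes; null becomes the literal NULL;
 * ints and floats are inserted as-is. Any other type (bool, array, object,
 * resource) is rejected.
 *
 * The placeholder scan runs once over the original $query, so a "{n}" sequence
 * that appears inside a substituted value is never expanded again. Placeholders
 * with no matching argument are left untouched so the mistake shows up in the
 * SQL rather than being silently dropped.
 *
 * Escaping is only as good as the connection charset mysqli_real_escape_string()
 * reads from $DB_LINK; ensureConnection() is expected to have set it.
 *
 * @param string $query SQL text containing {0}, {1}, ... placeholders
 * @param array  $args  Values in placeholder order
 * @return string The query with placeholders substituted
 * @throws InvalidArgumentException if an argument is not string, int, float or null
 */
function sqlvprintf($query, $args)
{
    global $DB_LINK;
    ensureConnection(); // Connect to database if not connected already.
    $values = array();
    $position = 1; // 1-based argument number, for the error message only
    foreach ($args as $value) {
        if (is_string($value)) {
            $value = "'" . mysqli_real_escape_string($DB_LINK, $value) . "'";
        } elseif (is_null($value)) {
            $value = 'NULL';
        } elseif (!is_int($value) && !is_float($value)) {
            // An exception instead of die(): callers can recover, and the
            // offending argument never reaches the query. (The old message
            // wrongly listed "array" among the allowed types.)
            throw new InvalidArgumentException(
                'Only numeric, string and NULL arguments allowed in a query. Argument '
                . $position . ' is not a basic type, its type is ' . gettype($value) . '.'
            );
        }
        // NOTE(review): floats are inserted via string conversion, which was
        // locale-dependent (decimal comma) before PHP 8.0 - confirm the runtime.
        $values[] = $value;
        $position++;
    }
    return preg_replace_callback(
        '/{(\d+)}/',
        function ($match) use ($values) {
            // Unknown placeholder: keep the original text.
            return isset($values[$match[1]]) ? $values[$match[1]] : $match[0];
        },
        $query
    );
}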
/**
 * Convenience wrapper: fills the {n} placeholders of $preparedQuery from the
 * trailing arguments (via sqlvprintf()) and hands the result to runQuery().
 *
 * @param string $preparedQuery SQL text containing {0}, {1}, ... placeholders
 * @return mixed Whatever runQuery() returns for the built statement
 */
function runEscapedQuery($preparedQuery /*, ...*/)
{
    // Every argument after the query string is a placeholder value.
    $placeholderValues = array_slice(func_get_args(), 1);
    $sql = sqlvprintf($preparedQuery, $placeholderValues);
    return runQuery($sql); // Run query and fetch results.
}
- // {0} is inserted unquoted (assuming $numericVar is an int/float); {1} and {2}
- // are escaped and single-quoted by sqlvprintf() before the SQL is built.
- runEscapedQuery("INSERT INTO Whatever (id, foo, bar) VALUES ({0}, {1}, {2})", $numericVar, $stringVar1, $stringVar2);