's assume he did. The page that this attempt occurred is hard-wired
to display a single record in detail view. In the code, I have a bunch
of echo $row-
You could always escape these. Some SQL injection attacks do account for
this kind of thing. They're typically much more sophisticated than the
ote:
>>
>> My logs show that we have tried with a SQL Injection attempt, but
>> our engine has detected and avoided it but I am just curious, what are
>> these SQL statements intending to achieve?
>>
>> SELECT * FROM lecturer WHERE recID='25 '
we have tried with a SQL Injection attempt, but
>> our engine has detected and avoided it but I am just curious, what are
>> these SQL statements intending to achieve?
>>
>> SELECT * FROM lecturer WHERE recID='25 ' and exists (select * from
>> sysobjec
On 13/02/2012 21:48, Haluk Karamete wrote:
My logs show that we have tried with a SQL Injection attempt, but
our engine has detected and avoided it but I am just curious, what are
these SQL statements intending to achieve?
SELECT * FROM lecturer WHERE recID='25 ' and exis
My logs show that we have tried with a SQL Injection attempt, but
our engine has detected and avoided it but I am just curious, what are
these SQL statements intending to achieve?
SELECT * FROM lecturer WHERE recID='25 ' and exists (select * from
sysobjects) and ''=&
http://gizmodo.com/5498412/sql-injection-license-plate-hopes-to-foil-euro-traffic-cameras
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
Hi,
Fletcher Mattox wrote:
We were recently the target of an SQL injection, so I am trying to
determine if they were successful. I have recovered the SQL commands
from mysqld.log, but the code has me stumped.
INSERT INTO queries (file,id) VALUES ('labs.php','4 OR 0 IN (SELECT T
ectuted...
how many rows do you have in 'queries' tagged as 'labs.php'? I would
be very tempted to examine each and every one of them by hand.
- michael dykman
On 9/4/07, Fletcher Mattox <[EMAIL PROTECTED]> wrote:
> We were recently the target of an SQL injection
We were recently the target of an SQL injection, so I am trying to
determine if they were successful. I have recovered the SQL commands
from mysqld.log, but the code has me stumped.
INSERT INTO queries (file,id) VALUES ('labs.php','4 OR 0 IN (SELECT TOP 1
CHAR(60)+CHAR(112)+CHA
I'm creating a forum in php where users are able to store comments in
a text field (think blog comments). To prevent SQL injection, I'm
using the php function mysql_real_escape_string() on data going into
the text field. Is this really enough to be safe, or should I be doing
more?
Hi all,
unluckily, I made a bad typing error:
Joerg Bruehe wrote:
this is in reply to various questions that have reached us after the
recent security fix, contained in MySQL 4.1.20, 4.0.22, and 5.1.11-beta:
of course, this must read 5.0.22
I apologize for any confu
Hi,
this is in reply to various questions that have reached us after the
recent security fix, contained in MySQL 4.1.20, 4.0.22, and 5.1.11-beta:
The problem was a possible "SQL injection" risk, if the application sent
data using some multi-byte character sets, due to an incorre
Date: Sun, 5 Mar 2006 16:59:13 +0100
To: mysql@lists.mysql.com
From: Jochen Kaechelin <[EMAIL PROTECTED]>
Subject: is this safe against sql-injection?
Message-Id: <[EMAIL PROTECTED]
Can somebody give me some general hints how to prevent
sql-injection?
You may also want to consider t
Jochen Kaechelin wrote:
Can somebody give me some general hints how to prevent
sql-injection?
I always go this way to build my queries:
function clean_mysql_string($string) {
$clean_string = stripslashes($string);
$clean_string = htmlentities(strip_tags
Can somebody give me some general hints how to prevent
sql-injection?
I always go this way to build my queries:
function clean_mysql_string($string) {
$clean_string = stripslashes($string);
$clean_string = htmlentities(strip_tags(($clean_string
This reply has two purposes.
Firstly, a small suggestion (modest compared to the others which will
follow, no doubt!) - check out mysql_escape_string() - this may be useful to
you.
Secondly, a further question:
In addition to protecting against SQL Injection, has anyone here
experimented with
Hi Jigal, others,
> > Can someone shed some light on how "SQL injection" attack occurs when
> > *magic_quotes_gpc* is "ON" and how it prevents when it's "OFF". To my
> > understanding apostrophes are escaped automatically in POST/GET/COOKIE
> &
From: "Tariq Murtaza" <[EMAIL PROTECTED]>
> Can someone shed some light on how "SQL injection" attack occurs when
> *magic_quotes_gpc* is "ON" and how it prevents when it's "OFF". To my
> understanding apostrophes are escaped automati
*Dear Friends!*
Can someone shed some light on how "SQL injection" attack occurs when
*magic_quotes_gpc* is "ON" and how it prevents when it's "OFF". To my
understanding apostrophes are escaped automatically in POST/GET/COOKIE
when it's ON, so how it tends t
www.securityfocus.com ran a three part article,
http://www.securityfocus.com/infocus/1722, that discussed SQL Injections and
MySQL.
-Original Message-
From: Tony Thomas [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 28, 2003 11:36 PM
To: [EMAIL PROTECTED]
Subject: SQL Injection
Hi
In the last episode (Sep 28), Tony Thomas said:
> I've been hearing a bit about SQL injection lately, but the only
> documentation I can find refers to Microsoft or Oracle. Anyone know
> of good articles about injection in MySQL? Prevention? Detection? Is
> MySQL less vulnerabl
Hi All,
I've been hearing a bit about SQL injection lately, but the only
documentation I can find refers to Microsoft or Oracle. Anyone know of
good articles about injection in MySQL? Prevention? Detection? Is MySQL
less vulnerable?
Thanks,
Tony
22 matches