Learning PHP and MySQL

SQL Injection

1,1);drop table users;. When this query is added to a query like this:

$query  =  "INSERT  INTO  ‘books’  VALUES  (NULL,$title,$pages)";

Here’s what could happen:

$query  =  "INSERT  INTO  ‘books’  VALUES  (NULL,1,1);drop  table  users;  ,$pages)";

Posted by on 09/25 at 11:08 AM

Next entry: Example 12-7 Checking for magic quotes

Previous entry: Example 12-6 Using input from a form to add a title

<< Back to main