In PHP, I know that mysql_real_escape is much safer than using addslashes. However, I could not find an example of a situation where addslashes would let an SQL Injection happen.

Can anyone give some examples?

Well, here's the article you want (http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string).

Basically, the way the attack works is by getting addslashes() to put a backslash in the middle of a multibyte character such that the backslash loses its meaning by being part of a valid multibyte sequence.

The general caveat from the article:

This type of attack is possible with any character encoding where there is a valid multi-byte character that ends in 0x5c, because addslashes() can be tricked into creating a valid multi-byte character instead of escaping the single quote that follows. UTF-8 does not fit this description.
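
The byte-level effect described in the answer above, as an added example that is not part of the original answer or the linked article. It assumes GBK as one encoding that has characters ending in 0x5c; the two-byte sample input is constructed, and the function names are hypothetical (addslashes here is a byte-wise Python model of the PHP function, not PHP itself).

```python
# Added illustration; the sample bytes are constructed, not taken from the page.

def addslashes(data: bytes) -> bytes:
    """Byte-wise model of PHP addslashes(): escapes ' " \\ and NUL."""
    out = bytearray()
    for b in data:
        if b == 0:
            out += b"\\0"
        elif b in b"'\"\\":
            out += bytes([0x5C, b])   # backslash is inserted with no charset awareness
        else:
            out.append(b)
    return bytes(out)

def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes that a parser reading `charset` sees with no backslash before them."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":           # backslash consumes the next character
            i += 2
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count

def two_byte_chars_ending_in_5c(charset: str) -> int:
    """Number of lead bytes L for which the pair L 0x5C decodes as ONE character."""
    hits = 0
    for lead in range(0x80, 0x100):
        try:
            if len(bytes([lead, 0x5C]).decode(charset)) == 1:
                hits += 1
        except UnicodeDecodeError:
            pass
    return hits

SAMPLE = b"\xbf'"                      # constructed input: stray lead byte + quote
ESCAPED = addslashes(SAMPLE)           # bf 5c 27

if __name__ == "__main__":
    print("escaped bytes:", ESCAPED.hex(" "))
    for cs in ("gbk", "utf-8", "latin-1"):
        print(cs, "chars ending in 0x5c:", two_byte_chars_ending_in_5c(cs),
              "| unescaped quotes seen:", unescaped_quotes(ESCAPED, cs))
```

Under GBK the inserted backslash is absorbed as the trail byte of a two-byte character and the quote is left bare; under UTF-8 no character can end in 0x5c, so the quote stays escaped. Escaping therefore has to be done by a routine that knows the connection's character set, or avoided by using parameterized queries.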