Tuesday 9 January 2018

php - Examples of SQL Injections through addslashes()?


In PHP, I know that mysql_real_escape is much safer than using addslashes. However, I could not find an example of a situation where addslashes would let an SQL Injection happen.

Can anyone give some examples?



Answer




Well, here's the article you want: http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string



Basically, the way the attack works is by getting addslashes() to put a backslash in the middle of a multibyte character such that the backslash loses its meaning by being part of a valid multibyte sequence.



The general caveat from the article:

"This type of attack is possible with any character encoding where there is a valid multi-byte character that ends in 0x5c, because addslashes() can be tricked into creating a valid multi-byte character instead of escaping the single quote that follows. UTF-8 does not fit this description."
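
The caveat quoted above can be checked mechanically for any connection charset. The Python sketch below is an added example, not code from the answer or the linked article: it lists the lead bytes that form a valid character with a trailing 0x5c in a given encoding, then shows what that does to a charset-unaware escaper. The function names and sample input are constructed for illustration, and `byte_escape` is a stand-in that mirrors the escaping rule of addslashes(), not PHP's own code.

```python
# Added example: which encodings let a byte-level escaper's backslash be absorbed?
BACKSLASH = 0x5C

def absorbing_lead_bytes(encoding):
    # Lead bytes L such that the byte pair (L, 0x5c) decodes to ONE character,
    # i.e. the encoding has valid multi-byte characters ending in 0x5c.
    leads = []
    for lead in range(0x80, 0x100):
        try:
            text = bytes([lead, BACKSLASH]).decode(encoding)
        except UnicodeDecodeError:
            continue
        if len(text) == 1:
            leads.append(lead)
    return leads

def byte_escape(data):
    # Stand-in for a charset-unaware escaper: put a backslash before
    # single quote, double quote, backslash and NUL bytes.
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)

def has_unescaped_quote(escaped, encoding):
    # Read the escaped bytes the way a server using `encoding` would and
    # report whether any single quote is left without its backslash.
    text = escaped.decode(encoding, errors="replace")
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2          # a backslash escapes the next character
        elif text[i] == "'":
            return True
        else:
            i += 1
    return False

if __name__ == "__main__":
    for enc in ("utf-8", "gbk", "big5", "shift_jis"):
        leads = absorbing_lead_bytes(enc)
        print(f"{enc:10} lead bytes that absorb 0x5c: {len(leads)}")
        if leads:
            sample = byte_escape(bytes([leads[0]]) + b"'")  # constructed input
            print("  quote left unescaped:", has_unescaped_quote(sample, enc))
```

An empty list for UTF-8 matches the article's statement that UTF-8 does not fit the description; a non-empty list marks a charset where escaping has to be done by a function that knows the connection encoding.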



