Saturday 17 August 2019

php - Someone has dropped a table in my database. How?

In my PHP scripts ALL input is "filtered" with mysqli_real_escape_string in this way:



$categoryid = mysqli_real_escape_string($link, $_GET['id']);

$query = "SELECT categories.id AS cid, categories.title AS ctitle
FROM categories
WHERE cid=".$categoryid.";";

$rows = mysqli_query($link, $query);
$row = mysqli_fetch_array($rows);


Could someone tell me how he hacked my database and dropped the "category_post" table?



register_globals is disabled.
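
The query in the post concatenates the escaped id into an unquoted numeric position, where mysqli_real_escape_string does not constrain the value: it only escapes characters that are special inside a quoted string literal. The following is an added example, not code from the original post, showing the same lookup with strict integer validation and a bound parameter. The function names parse_category_id and fetch_category are hypothetical, the sample inputs are constructed, and get_result() assumes the mysqlnd driver.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Strict validation: returns the id as an int, or null when the raw request
// value is anything other than a positive decimal integer.
function parse_category_id($raw): ?int
{
    if (!is_string($raw)) {            // e.g. ?id[]=1 arrives as an array
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Parameterised lookup: the id travels as a bound integer, never as SQL text,
// so its content cannot change the structure of the statement.
// Table and column names are taken from the query in the post.
function fetch_category(mysqli $link, int $id): ?array
{
    $stmt = $link->prepare(
        'SELECT categories.id AS cid, categories.title AS ctitle
         FROM categories
         WHERE categories.id = ?'
    );
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Constructed sample inputs (not from the post). None of the rejected values
// contains a character that mysqli_real_escape_string would escape, so the
// original code would have concatenated each of them into the query as-is.
$samples = ['7', '7abc', '7 OR 1=1', '-3', ''];
foreach ($samples as $raw) {
    $id = parse_category_id($raw);
    printf("%-12s => %s\n", var_export($raw, true),
        $id === null ? 'rejected' : "accepted as $id");
}

// Request handling with a live connection in $link (assumed):
//   $id = parse_category_id($_GET['id'] ?? null);
//   if ($id === null) { http_response_code(400); exit; }
//   $row = fetch_category($link, $id);
```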
