What’s the risk with this intel?


Hey folks, what risk would I be taking if someone wanted to have a go at this example:

$valorGet = $_GET["valor"];
$sql = "SELECT * FROM tabela WHERE caminho = '$valorGet'";

My question is, can the guy delete (DELETE) or insert (INSERT) something into my database? Or just run a different kind of SELECT?

Is there a need to do anti-injection with PDO in this case to increase security?

  • I know you can do an injection, but my question was whether my database is at any risk, because I’m only doing a SELECT; wouldn’t it have to run a DELETE or INSERT?

2 answers

3

Yes, there is a risk of someone deleting your entire database when exploiting this vulnerability. The solution does not necessarily go through PDO, but through prepared statements, which you can use with both PDO and mysqli. Note that it is not enough to change the database connection driver to solve the problem; you need to parameterize the query, as explained in How to prevent SQL code injection into my PHP code.

  • But the guy would only be running a different SELECT, he wouldn’t delete anything, would he?

  • Like I said, there is a risk of him deleting.

1


There are N ways to insert data, delete, join tables, etc. in a simple query like this... Here’s a classic, basic example that ignores the path:

$valorGet = "';DELETE FROM tabela WHERE 1=1;-- ";

$sql = "SELECT * FROM tabela WHERE caminho = '$valorGet'";

in this case the structure would receive:

 $sql = "SELECT * FROM tabela WHERE caminho = 'the injected value goes here: (';INSERT INTO tabela VALUES ('1','2','3','4');-- )'";

Whose result would be something like this:

$sql = "SELECT * FROM tabela WHERE caminho = '';DELETE FROM tabela WHERE 1=1;--";

  • But the guy would only be running a different SELECT, he wouldn’t delete anything, would he?

  • You can delete too, I’ll edit the question so you can see.

  • That was it, thanks!
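As an added illustration (not code from the question or either answer), here is the vulnerable query from the question next to the parameterized form the first answer recommends, with both PDO and mysqli; the table and column names come from the question, while the DSN and credentials are placeholders.

```php
<?php
// Added example: vulnerable query beside its parameterized version.
// `tabela` and `caminho` come from the question; connection details
// below are placeholders.

// VULNERABLE: the user-controlled value is spliced into the SQL text,
// so a value like "';DELETE FROM tabela WHERE 1=1;-- " (the payload
// shown in the second answer) changes the statement itself instead of
// being compared against `caminho`.
function buscarInseguro(PDO $pdo, string $valorGet): array {
    $sql = "SELECT * FROM tabela WHERE caminho = '$valorGet'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE (PDO): the SQL text is fixed when prepare() is called; the value
// travels separately and can only ever be a string compared to `caminho`.
function buscarSeguroPdo(PDO $pdo, string $valorGet): array {
    $stmt = $pdo->prepare('SELECT * FROM tabela WHERE caminho = :caminho');
    $stmt->bindValue(':caminho', $valorGet, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE (mysqli): the same idea with a positional placeholder.
function buscarSeguroMysqli(mysqli $db, string $valorGet): array {
    $stmt = $db->prepare('SELECT * FROM tabela WHERE caminho = ?');
    $stmt->bind_param('s', $valorGet);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Connection setup (placeholder values; replace with your own).
$pdo = new PDO(
    'mysql:host=localhost;dbname=placeholder_db;charset=utf8mb4',
    'placeholder_user',
    'placeholder_password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Let the server parse statement and value separately instead
        // of having the client splice the value into the SQL text.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

$valorGet = $_GET['valor'] ?? '';
$linhas = buscarSeguroPdo($pdo, $valorGet);
```

With the parameterized versions the payload from the second answer is simply looked up as a literal `caminho` value and returns no rows; it never becomes a second statement.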
