How to perform SQL Injection in the context of Insert query or Select query? Any help would be appreciated.
-
2Why do you want to allow SQL injections?chris85– chris852017-09-26 11:55:39 +00:00Commented Sep 26, 2017 at 11:55
-
Well combine this, php.net/manual/en/mysqli.multi-query.php, with the answer below and you will be able to execute that query. You also can say good bye to your DB with this.chris85– chris852017-09-26 16:40:34 +00:00Commented Sep 26, 2017 at 16:40
Add a comment
|
1 Answer
First of all, don't use mysql_, use mysqli_.
Second, that's because you can't put two queries inside the mysql_query(). Otherwise they would have named it mysql_queries()
Just make two seperate queries. Here's the docs.
Here is a basic example from the manual on its usage:
<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
/* Create table doesn't return a resultset */
if ($mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City") === TRUE) {
printf("Table myCity successfully created.\n");
}
/* Select queries return a resultset */
if ($result = $mysqli->query("SELECT Name FROM City LIMIT 10")) {
printf("Select returned %d rows.\n", $result->num_rows);
/* free result set */
$result->close();
}
/* If we have to retrieve large amount of data we use MYSQLI_USE_RESULT */
if ($result = $mysqli->query("SELECT * FROM City", MYSQLI_USE_RESULT)) {
/* Note, that we can't execute any functions which interact with the
server until result set was closed. All calls will return an
'out of sync' error */
if (!$mysqli->query("SET @a:='this will not work'")) {
printf("Error: %s\n", $mysqli->error);
}
$result->close();
}
$mysqli->close();
1 Comment
Funk Forty Niner
I edited the answer in order to use an English reference php.net/manual/en/mysqli.query.php