
Difference between revisions of "SQL injection/Basics/Injection Points"

From NetSec

Latest revision as of 06:11, 19 July 2012


The type of an SQL injection vulnerability is determined by where the user input lands in the query. In the queries below, $input stands for a user-controlled variable and illustrates each classification.

  • SELECT ... WHERE clause injection
$query = "select * from table where id=$input";
  • SELECT ... LIMIT, OFFSET, ORDER BY, and GROUP BY clause injections
$query = "select * from table limit $input";
$query = "select * from table limit 1 offset $input";
$query = "select * from table order by $input";
$query = "select * from table group by $input";
  • UPDATE ... SET clause injection
$query = "update table set var=$input";
  • UPDATE ... WHERE clause injection
$query = "update table set var=value where column_name='$input'";
  • INSERT ... VALUES clause injection
$query = "insert into table values(null,$input)";
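The hardened counterpart of each injection point above, as an added example that is not part of the original page: value positions (WHERE, SET, VALUES) are bound as parameters, ORDER BY goes through an allow-list because identifiers cannot be bound, and LIMIT/OFFSET are validated as integers. The `items` table, its columns, and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Assumed schema: items(id, name, price) in an in-memory SQLite DB.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price INTEGER)');

// INSERT ... VALUES: every value is a bound parameter.
function addItem(PDO $pdo, string $name, string $price): void {
    $pdo->prepare('INSERT INTO items VALUES (NULL, :name, :price)')
        ->execute([':name' => $name, ':price' => $price]);
}
// UPDATE ... SET and WHERE: both positions hold values, so both are bound.
function renameItem(PDO $pdo, string $id, string $name): int {
    $stmt = $pdo->prepare('UPDATE items SET name = :name WHERE id = :id');
    $stmt->execute([':name' => $name, ':id' => $id]);
    return $stmt->rowCount();
}
// SELECT ... WHERE: bound value.
function findById(PDO $pdo, string $id): array {
    $stmt = $pdo->prepare('SELECT * FROM items WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
// ORDER BY / GROUP BY take identifiers, which cannot be bound: use an allow-list.
// LIMIT / OFFSET: validate as integers in range, then bind as PARAM_INT.
function listItems(PDO $pdo, string $sort, string $limit, string $offset): array {
    $columns = ['name' => 'name', 'price' => 'price'];
    $lim = filter_var($limit, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    $off = filter_var($offset, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if (!isset($columns[$sort]) || $lim === false || $off === false) {
        throw new InvalidArgumentException('invalid sort, limit or offset');
    }
    $stmt = $pdo->prepare(
        "SELECT * FROM items ORDER BY {$columns[$sort]} LIMIT :lim OFFSET :off");
    $stmt->bindValue(':lim', $lim, PDO::PARAM_INT);
    $stmt->bindValue(':off', $off, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
// Constructed sample input.
addItem($pdo, 'a', '3'); addItem($pdo, 'b', '1'); addItem($pdo, 'c', '2');
renameItem($pdo, '1', "O'Brien");            // the quote is stored as data
var_dump(findById($pdo, '1'));
var_dump(findById($pdo, '1 trailing text')); // compared as a value, never parsed as SQL
var_dump(listItems($pdo, 'price', '2', '0'));
try { listItems($pdo, 'no_such_column', '2', '0'); }
catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```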