
SQL injection/Basics/Injection Points

From NetSec
Revision as of 07:11, 19 July 2012 by LashawnSeccombe


An SQL injection vulnerability's type is determined by where the user input lands in the query. $input is used as an example input variable in the queries below to illustrate each classification.

  • SELECT ... WHERE clause injection
$query = "select * from table where id=$input";
  • SELECT ... LIMIT, OFFSET, ORDER BY, and GROUP BY clause injections
$query = "select * from table limit $input";
$query = "select * from table limit 1 offset $input";
$query = "select * from table order by $input";
$query = "select * from table group by $input";
  • UPDATE ... SET clause injection
$query = "update table set var=$input";
  • UPDATE ... WHERE clause injection
$query = "update table set var=value where column_name='$input'";
  • INSERT ... VALUES clause injection
$query = "insert into table values(null,$input)";
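The injection points above call for two different defences, shown here as an added example that is not part of the original page: inputs in value positions (WHERE, SET, VALUES, LIMIT, OFFSET) can be bound as parameters, while ORDER BY and GROUP BY take an identifier, which a placeholder cannot carry, so the input is mapped onto an allowlist. The `items` table, its columns, the function names and the sample rows are assumptions constructed for the example, using PDO with an in-memory SQLite database.

```php
<?php
// Added example: constructed schema and data, not from the original page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, var TEXT)");

// INSERT ... VALUES: the input is a value, so it is bound, never concatenated.
function insertItem(PDO $pdo, string $name, string $var): void {
    $pdo->prepare("INSERT INTO items VALUES (NULL, ?, ?)")->execute([$name, $var]);
}

// UPDATE ... SET and UPDATE ... WHERE: both inputs are values, both are bound.
// A SELECT ... WHERE value is handled the same way.
function updateVar(PDO $pdo, string $var, string $name): int {
    $st = $pdo->prepare("UPDATE items SET var = ? WHERE name = ?");
    $st->execute([$var, $name]);
    return $st->rowCount();
}

// SELECT ... ORDER BY / LIMIT / OFFSET.
// ORDER BY takes an identifier: only a column named in the allowlist reaches
// the SQL text. LIMIT and OFFSET are range-checked, then bound as integers.
function listItems(PDO $pdo, string $sort, $limit, $offset): array {
    $columns = ['id' => 'id', 'name' => 'name'];   // request value => column
    if (!isset($columns[$sort])) {
        throw new InvalidArgumentException("unsupported sort column");
    }
    $limit  = filter_var($limit, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1, 'max_range' => 100]]);
    $offset = filter_var($offset, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 0]]);
    if ($limit === false || $offset === false) {
        throw new InvalidArgumentException("limit/offset must be integers in range");
    }
    $st = $pdo->prepare("SELECT id, name, var FROM items "
                      . "ORDER BY {$columns[$sort]} LIMIT :lim OFFSET :off");
    $st->bindValue(':lim', $limit, PDO::PARAM_INT);
    $st->bindValue(':off', $offset, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

insertItem($pdo, "alpha", "x");
insertItem($pdo, "o'brien", "y");          // the quote is stored as data
updateVar($pdo, "z", "o'brien");           // the quote is matched as data
var_dump(listItems($pdo, "name", "10", "0"));
try {
    listItems($pdo, "var", "10", "0");     // real column, but not allowlisted
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```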