
List:       phpdoc
Subject:    [PHP-DOC] #30274 [Bgs->Csd]: Error in SQL injection example in manual page for mysql_real_escape_str
From:       aidan () php ! net
Date:       2004-09-29 16:24:16
Message-ID: 200409291624.i8TGOGxW006309 () ez1 ! php ! net

 ID:          30274
 Updated by:  aidan@php.net
 Reported By: troels at arvin dot dk
-Status:      Bogus
+Status:      Closed
 Bug Type:    Documentation problem
 PHP Version: Irrelevant
 New Comment:

Oops, I see what you mean, please excuse me.


Previous Comments:
------------------------------------------------------------------------

[2004-09-29 17:15:53] aidan@php.net

I don't know why you think the query would be a syntax error, but you
are wrong. It works fine.

Marking as Bogus and reverting.

------------------------------------------------------------------------

[2004-09-29 13:52:50] vrana@php.net

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation
better.



------------------------------------------------------------------------

[2004-09-29 13:37:56] troels at arvin dot dk

Description:
------------
The manual page for mysql_real_escape_string() has a section on the
danger of SQL injection; that's nice.

However, the example used to illustrate the danger is wrong and
misleading, as far as I can see.

The page states
...
  // We didn't check $_POST['password'], it could be anything the user
wanted! For example:
  $_POST['username'] = 'aidan';
  $_POST['password'] = "' OR 1=1";
...

However, setting $_POST['password'] to
  ' OR 1=1
will result in a query like this, which isn't very dangerous because
it's a syntax error:
  SELECT * FROM users WHERE name='aidan' AND password='' OR 1=1'

A better example of a dangerous value of $_POST['password'] would be:
  ' OR ''='
because it would result in this query:
  SELECT * FROM users WHERE name='aidan' AND password='' OR ''=''




------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=30274&edit=1
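
The two password values compared in the report above, run against a real SQL parser, as an added example that is not part of the original thread or the PHP manual. It assumes SQLite (Python's sqlite3) as a stand-in for MySQL and a constructed users table; make_db, login_concat and login_bound are hypothetical names.

```python
import sqlite3


def make_db():
    """Constructed sample data; SQLite stands in for MySQL (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("aidan", "s3cret"), ("troels", "hunter2")])
    return db


def login_concat(db, username, password):
    """Vulnerable form: input pasted between the quotes of the query string."""
    query = ("SELECT name FROM users WHERE name='%s' AND password='%s'"
             % (username, password))
    try:
        return query, [row[0] for row in db.execute(query)]
    except sqlite3.OperationalError as exc:
        # Unbalanced quote: the parser rejects the statement outright.
        return query, "error: %s" % exc


def login_bound(db, username, password):
    """Hardened form: values are bound as parameters, never parsed as SQL."""
    cur = db.execute("SELECT name FROM users WHERE name=? AND password=?",
                     (username, password))
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = make_db()
    for pw in ("' OR 1=1", "' OR ''='"):
        query, result = login_concat(db, "aidan", pw)
        print(query)
        print("  concatenated:", result)
        print("  bound       :", login_bound(db, "aidan", pw))
```

AND binds tighter than OR, so the balanced value turns the WHERE clause into (name AND password check) OR (''=''), which is true for every row.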