Suppose I have a query like this:

```php
$std_id = $_POST['std_id'];
$name = $_POST['name'];
$family = $_POST['family'];
$sql = "insert into student set
std_id = $std_id,
name = '$name',
family = '$family'";
$query = mysql_query($sql,$conn);
```

I read in a PHP security book that if a user enters a value for the family field like:

```
ahmad';drop database test#
```

it can delete the database test. But we know that the mysql_query() function only allows one query to be executed. I want to know how this input can be unsafe.
Just worrying about multiple queries is not enough to protect SQL security... There are so many questions/answers on SO for you to read about this subject.
Also, there are good resources on php.net.
There are many delusions in your question.
Let's sort them out.
Using multiple queries separated by a semicolon is not the only way to exploit your queries, it is just a very simple example. It will work when you are using mysqli_multi_query().
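To make the point above concrete, here is an added example (not code from the original posts) that builds the question's concatenated statement from the quoted input and only prints it, then inserts the same input through a prepared statement. It assumes PDO with an in-memory SQLite database as a stand-in for MySQL so it runs without a server; the function names and the sample `std_id` and `name` values are constructed for illustration.

```php
<?php
// Constructed sample input: the family value quoted in the question,
// plus a made-up id and name.
$input = ['std_id' => '7', 'name' => 'ali', 'family' => "ahmad';drop database test#"];

// 1) The question's pattern: request values are pasted into the SQL text.
function buildConcatenated(array $in): string
{
    return "insert into student set std_id = {$in['std_id']}, "
         . "name = '{$in['name']}', family = '{$in['family']}'";
}

// 2) Parameterized form: the SQL text is fixed and the values travel separately,
//    so a quote character in the input can never end the string literal.
function insertStudent(PDO $db, array $in): void
{
    // std_id is unquoted in the original query, so escaping alone would not
    // cover it; require a real integer before it goes anywhere near the query.
    $id = filter_var($in['std_id'], FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('std_id must be an integer');
    }
    $stmt = $db->prepare(
        'INSERT INTO student (std_id, name, family) VALUES (:id, :name, :family)'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':name', $in['name'], PDO::PARAM_STR);
    $stmt->bindValue(':family', $in['family'], PDO::PARAM_STR);
    $stmt->execute();
}

// Printed only, never executed: the quote in the input closes the string
// literal, so everything after it is parsed as SQL rather than as data,
// whether or not the driver accepts a second statement.
echo buildConcatenated($input), "\n";

// Assumption: SQLite in memory stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE student (std_id INTEGER, name TEXT, family TEXT)');
insertStudent($db, $input);

// Compare what was stored with what was submitted.
$row = $db->query('SELECT family FROM student WHERE std_id = 7')->fetch(PDO::FETCH_ASSOC);
var_dump($row['family'] === $input['family']);
```

With MySQL the same `prepare()`/`bindValue()`/`execute()` calls apply through PDO's MySQL driver; only the connection string changes.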