Hello everyone, I just checked my website for SQL vulnerabilities. The link of the page is like this: www.example.com/stories.php?id=4 And the code is something like this: $id = $_GET["id"]; if ($id != "") { $r = mysql_query("SELECT * FROM `stories` WHERE id = '$id'"); } ... Now when I enter 4' instead of 4 for the id, it gives me an SQL syntax error, as it should. But when I upload it to the server, it does not give me any error even though it breaks the SQL syntax. Can someone please explain what is happening? Thanks in advance, Hassan
Maybe error reporting is turned off on your server. Anyway, your query is insecure. Try this: $id = $_GET["id"]; if ($id != "" && is_numeric($id)) { $r = mysql_query("SELECT * FROM `stories` WHERE id = '".mysql_real_escape_string($id)."'"); }
Thanks for the info. Yes, I know it's insecure. I will use the functions you specified. I know error reporting is turned off on the server. But when I enter the following URL, it actually displays the story with the id 4: www.example.com/stories.php?id=4' or even www.example.com/stories.php?id=4'Some more text I am really confused..
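The thread does not say why id=4' still returns story 4 on the server. A likely cause on older PHP hosts (an assumption, not something the thread confirms) is magic_quotes_gpc: it turns the incoming 4' into 4\', the query becomes WHERE id = '4\'' and is syntactically valid, and MySQL compares the integer column to the string by taking its numeric prefix, 4. The following added example is not the poster's code or the reply's code; it shows the approach the reply recommends, taken one step further: validate id as an integer (stricter than is_numeric(), which also accepts "4.0" and "4e2"), and pass it to MySQL through a prepared statement so the value never becomes part of the SQL text. It assumes a mysqli connection (the $db_* values are placeholders), a `stories` table with an integer `id` column, and the mysqlnd driver for get_result().

```php
<?php
// Added example, not code from the thread. Assumes a MySQL table `stories`
// with an integer primary key `id`; the connection details below are placeholders.
$db_host = 'localhost';     // assumption
$db_user = 'app_user';      // assumption
$db_pass = 'app_password';  // assumption
$db_name = 'app_db';        // assumption

// Make failures visible while developing. In production keep display_errors off
// and send them to the error log instead, so silent failures like the one in the
// thread still leave a trace that can be reviewed.
ini_set('display_errors', '1');
error_reporting(E_ALL);

// Diagnostic for old hosts: if magic_quotes_gpc is on, GET values arrive already
// backslash-escaped, which is why a stray quote may not break the query there.
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    error_log('magic_quotes_gpc is enabled; input is being altered before the script sees it');
}

// Step 1: accept only a positive integer. "4'" and "4'Some more text" both fail here,
// so they never reach the database at all.
function parse_story_id($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return ($id === false) ? null : $id;
}

// Step 2: fetch the story with a prepared statement and an integer bind ('i').
// The SQL text is fixed; the driver sends the value separately.
function fetch_story(mysqli $db, $id)
{
    $stmt = $db->prepare('SELECT * FROM `stories` WHERE id = ?');
    if ($stmt === false) {
        error_log('prepare failed: ' . $db->error);
        return null;
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $result = $stmt->get_result();   // requires the mysqlnd driver (assumption)
    $story = $result ? $result->fetch_assoc() : null;
    $stmt->close();
    return $story;
}

$id = parse_story_id(isset($_GET['id']) ? $_GET['id'] : '');
if ($id === null) {
    // Rejecting malformed ids with a 400 (and logging them) is also a cheap signal
    // for spotting probing of this parameter in the access logs.
    error_log('rejected non-integer story id: ' . (isset($_GET['id']) ? $_GET['id'] : ''));
    http_response_code(400);
    exit('Invalid story id');
}

$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name);
if ($mysqli->connect_error) {
    error_log('DB connect failed: ' . $mysqli->connect_error);
    http_response_code(500);
    exit('Service unavailable');
}

$story = fetch_story($mysqli, $id);
$mysqli->close();

if ($story === null) {
    http_response_code(404);
    exit('No such story');
}
// ... render $story ...
```

With this version the behaviour no longer depends on whether the host displays errors or rewrites quotes: an id that is not an integer is rejected before any query runs, and the query itself cannot be altered by the value because the value is bound rather than concatenated.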