Is my search system vulnerable to an SQL injection? If it is, can someone fix it for me.

```php
<?
require_once('mysql.php');
mysql_select_db("ruko_fp", $con);
$term = $_POST['term'];
// $term comes straight from the request and is interpolated into the query unescaped
$sql = mysql_query("SELECT * FROM games WHERE gametitle LIKE '%$term%'");
mysql_real_escape_string($gametitle);
while ($row = mysql_fetch_array($sql)) {
    $gametitle  = $row['gametitle'];
    $gid        = $row['gid'];
    $imgsrc     = $row['imgsrc'];
    $gamerating = $row['gamerating'];
    echo "<tr class=\"gametr2 gametr3\"><th><img src=\".\"></img></th>";
    echo "<th><a href=\"ViewGame.php?gid=$gid\">$gametitle</a></th>";
    echo "<th>$gamerating</th></tr>";
}
?>
<body>
</body>
</html>
```
I think this is not vulnerable to SQL injection:

```php
<?
require_once('mysql.php');
mysql_select_db("ruko_fp", $con);
$term = mysql_real_escape_string($_POST['term']);   // escape the user input before it enters the query
$sql = mysql_query("SELECT * FROM games WHERE gametitle LIKE '%$term%'");
mysql_real_escape_string($gametitle);
while ($row = mysql_fetch_array($sql)) {
    $gametitle  = $row['gametitle'];
    $gid        = $row['gid'];
    $imgsrc     = $row['imgsrc'];
    $gamerating = $row['gamerating'];
    echo "<tr class=\"gametr2 gametr3\"><th><img src=\".\"></img></th>";
    echo "<th><a href=\"ViewGame.php?gid=$gid\">$gametitle</a></th>";
    echo "<th>$gamerating</th></tr>";
}
?>
<body>
</body>
</html>
```
What you're doing is escaping an undefined variable and doing nothing with its returned value:

```php
mysql_real_escape_string($gametitle);
```

It's OK, however, that you escape `$_POST['term']` on line 4. But to make sure that the site is not vulnerable, you should check that you escape all user-gotten variables everywhere. E.g. we don't see ViewGame.php, which also accepts the gid variable from the user. Just look everywhere in your code and ensure they are escaped.
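For comparison, here is the same search written with a prepared statement, so the user's text is never part of the SQL string at all. This is an added example, not code from any poster in the thread; it assumes mysql.php creates a PDO connection in `$pdo` (the original uses the old mysql_* functions and `$con`).

```php
<?php
// Added example (not from the thread): the search rewritten with a PDO prepared
// statement. Assumes mysql.php provides $pdo, created roughly as:
//   $pdo = new PDO('mysql:host=localhost;dbname=ruko_fp;charset=utf8mb4', $user, $pass,
//                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
//                   PDO::ATTR_EMULATE_PREPARES => false]);
require_once('mysql.php');

$term = isset($_POST['term']) ? (string) $_POST['term'] : '';

// Escaping (or binding) protects the SQL syntax, but neither neutralises LIKE
// wildcards: a term of "%" or "_" would still match every row. Escape them so
// the user's text is matched literally (MySQL's default LIKE escape is "\").
$likeTerm = '%' . addcslashes($term, '%_\\') . '%';

// The SQL text contains only a placeholder; the value travels separately, so
// quotes or comment markers in $term cannot change the query's structure.
$stmt = $pdo->prepare(
    "SELECT gid, gametitle, imgsrc, gamerating FROM games WHERE gametitle LIKE :term"
);
$stmt->execute([':term' => $likeTerm]);

while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    // Database values are untrusted in an HTML context: encode them on output.
    $gid        = (int) $row['gid'];
    $gametitle  = htmlspecialchars($row['gametitle'], ENT_QUOTES, 'UTF-8');
    $gamerating = htmlspecialchars($row['gamerating'], ENT_QUOTES, 'UTF-8');
    $imgsrc     = htmlspecialchars($row['imgsrc'], ENT_QUOTES, 'UTF-8');

    echo "<tr class=\"gametr2 gametr3\"><th><img src=\"$imgsrc\"></th>";
    echo "<th><a href=\"ViewGame.php?gid=$gid\">$gametitle</a></th>";
    echo "<th>$gamerating</th></tr>";
}
?>
```

The same pattern applies to `gid` in ViewGame.php: bind it as a parameter (or cast it to an integer) rather than interpolating it into the query.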