Hi, I have a php script (and sql database) which allow quest to create a user name password .... From few days when they try to create a user name receive this error: SQL Injection Detected. Make sure to ONLY use letters (a-Z) and numbers (0-9)! I don't find the problem, how I can solve this problem. Thank you very much. Regards.
Your script must have a detection of some illegal characters and thus giving you that error.... you have to check the scripts list of illegal characters.... usually "<,/" are the ones you aren't allowed to use but who knows what other characters are setup with this script?
okay so i have a register page for something. and it is giving me the exact same error SQL Injection Detected. Make sure to ONLY use letters (a-Z) and numbers (0-9)! i want a space but it does not allow anything, is there anyway to go around this. or make it think that something else is a space that will not be detected. i unno just thinking
PHP has a feature which wil cause it to "exit" a string that it thinks will cause errors in your database due to injection. You can this off through your php options. The feature you need to turn off is called magic_quotes-gpc and can be found in the php.ini file. *note* the magic quotes feature is only included in version of php before 6
The error message comes from the script you're using, not from PHP. Check the source code for that error message and the surrounding code.
okay so, coming from the other side of the equation if i wanted to SQL inject a database through a form that does not allow spaces or anything other than numbers and letters, is there anyway to get around it or still use the injection command.
Err, why would you want to know that? Seems fishy to me.. Anyway, no, if all they allow is numbers and letters there's no way you'd be able to hack that.