Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Are multiline queries sql-injection safe?

Tags:

php

sql-injection

multilinestring

This might be a stupid question. Or maybe my hacking skills are limited (I don't practice them at all).

I have a query that looks like this:

<?php
$query =<<<eot
    SELECT      table_x.field1,
                table_x.field2,
                table_y.*,
                table_z.field4
    FROM        (
                    SELECT ...
                ) as table_y
    LEFT JOIN   table_x
    ON          table_x.field1 = table_y.field_x
    LEFT JOIN   table_z
    ON          table_z.field1 = table_y.field_z
    WHERE       table_x.field3 = '$something'
    AND         table_z.field4 = '1'
    AND         table_z.field5 = '2'
eot;
?>

I have a lot of other tests on $something before it gets used, like $something = explode(' ',$something); (which later result in a string) none of them intend to prevent injection but they make it hard for the given injection to get as is to the actual query. However, there are ways. We all know how easy it is to replace a space for something else which is still valid..

So, it's not really a problem to make a potentially harmful piece of SQL reach that $something... But is there any way to comment the rest of the original query string if it is multi-line?

I can comment AND table_z.field4 = '1' using ;-- but can't comment the following AND table_z.field5 = '2'

Is it possible to open a multi-line comment /* without closing it or something looked like and therefore allow the injection to ignore the multi-line query?

like image 803
acm Avatar asked Jun 01 '10 17:06

acm

People also ask

Is SQL safe from SQL injection?

While SQL Injection can affect any data-driven application that uses a SQL database, it is most often used to attack web sites. SQL Injection is a code injection technique that hackers can use to insert malicious SQL statements into input fields for execution by the underlying SQL database.

What types of databases are more vulnerable to SQL injections?

If a web application or website uses SQL databases like Oracle, SQL Server, or MySQL, it is vulnerable to an SQL injection attack. Hackers use SQL injection attacks to access sensitive business or personally identifiable information (PII), which ultimately increases sensitive data exposure.

Is JPA query safe from SQL injection?

This is a common misconception. JPA and other ORMs relieves us from creating hand-coded SQL statements, but they won't prevent us from writing vulnerable code.

1 Answers

It's not safe. Even if it can't comment out the rest, it could prefix it with SELECT * FROM my_table WHERE 1=1.

like image 105
Adam Crume Avatar answered Oct 07 '22 01:10

Adam Crume
Sign in to Comment

Related questions

How do I preg_match for words in Hebrew
Sorting multidim array: prioritize if column contains substring, then order by a second column
How to keep session alive for 1week without logout PHP, overwriting default server values?
Find the name of a calling var
Kohana: Is it necessary to check if SYSPATH is defined?
PHP switch statement variable scope
Isn't Using the basename function with $_FILES['userFile']['name'] Redundant?
Is it ok to wind up using mostly static classes?
Unit Test json output in Zend Framework
Printing the structure of an array without its contents?
Javascript Confirm Delete in One PHP File (on href)
PHP Script Times out after 45 seconds
Eclipse PDT Autocomplete
Get username from URL in PHP
Replace duplicate values in array with new randomly generated values
Sending passwords over the web
Assignment in conditionals
PDO not working within function
How extract part of an URL in PHP to remove specific part?
php sort properties of object

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!