MySQL Injection

By | December 13, 2013

Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.

For example:

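// User-supplied value that closes the string literal and appends a second statement
$name = "mydoubts.in';Delete from users;";
// The value is interpolated directly into the SQL text, so it becomes part of the query
mysql_query("Select * from users where name='{$name}'");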

If you use MySQL, the mysql_query() function does not permit query stacking, or executing multiple queries in a single function call. If you try to stack queries, the call fails.

However, other PHP database extensions such as SQLite and PostgreSQL will perform stacked queries, executing all of the queries provided in one string and creating serious security problems.