1

I write simple php script with mysql to try sql injection and it isn't working.

Here is my sql query

$sql = "SELECT * FROM users WHERE id = '$userId'";
echo 'QUERY '. $sql .'<br>';
$userQ = mysql_query($sql);
$user = mysql_fetch_array($userQ);

I try to go to this url 

http://localhost/SQL%20In/inside.php?id=apie&userId=1;%20DROP%20TABLE%20users

and it isnt doing anything

Qirel
  • 25,449
  • 7
  • 45
  • 62
Vitas
  • 50
  • 7
  • 1
    `mysql_` can't execute multiple queries in one statement. SQL injection you *can* do is `' OR 1=1 --` – Qirel Feb 28 '19 at 12:56
  • Mysqli cant execute multiple queries – Vitas Feb 28 '19 at 13:00
  • Neither `mysql_` or `mysqli_` can execute multiple queries in one go. They have to be done separately, which is why the `' DROP TABLE users;--` injection won't work. But stuff like `' OR 1=1;--` would work, so you still have to use a prepared statement - and for the love of all that is holy, not be using `mysql_` :-) – Qirel Feb 28 '19 at 13:04
  • Can you help me by telling me how i can make it possible to execute such queries in php? Or is it completly imposible? – Vitas Feb 28 '19 at 13:06
  • 1
    Using `mysql_` its not possible, as they can only handle one query at a time. The `mysqli_` library has `mysqli_multi_query()`, which could do it. – Qirel Feb 28 '19 at 13:10
  • I tried it with multi query but it isnt working with fetch array – Vitas Feb 28 '19 at 14:20
  • When you use multi-query, the query has multiple result sets, so you have to do an extra loop to iterate through the results. See the code example in the docs here: https://secure.php.net/manual/en/mysqli.multi-query.php – Bill Karwin Feb 28 '19 at 18:44

0 Answers0