Testing for a SQL injection



Addos
Forum Contributor
Posts: 305
Joined: Mon Jan 17, 2005 4:13 pm

Testing for a SQL injection

Post by Addos »

I’m just learning and testing for security in some scripts and I was wondering if the following script has a weakness.

if (isset($_GET['id'])) {
  $colname_GetLetter = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']);
}
mysql_select_db($****, $*****);
$query_GetLetter = sprintf("SELECT * FROM letters WHERE id = %s ", $colname_GetLetter);

If somebody tries to inject an SQL query, will (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']); catch it, or is it missing it being tested for an integer value too?
Addos
Forum Contributor
Posts: 305
Joined: Mon Jan 17, 2005 4:13 pm

Re: Testing for a SQL injection

Post by Addos »

I should add I'm aware of mysql_real_escape_string and its uses, but I'm just trying to get a grip on that specific code I posted. :wink:
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Testing for a SQL injection

Post by Jonah Bron »

If you're passing an integer (which I see you are because you're not surrounding it with quotes), I don't think even mysql_real_escape_string needs to be used. Just be sure to clean it with intval().
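An added example (not code from the thread) showing why addslashes() leaves an unquoted integer parameter exposed and how intval()/FILTER_VALIDATE_INT closes the gap; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not from the original thread. Compares the addslashes()
// approach from the question with integer validation for an unquoted id.

// The original construction, kept only for comparison. addslashes() escapes
// quotes, backslashes and NUL; a non-numeric value containing none of those
// passes through unchanged and becomes part of the SQL text.
function build_query_addslashes(string $id): string {
    return sprintf("SELECT * FROM letters WHERE id = %s", addslashes($id));
}

// Hardened: accept only a value that is entirely an integer, reject the rest.
// Returns null when the input is not a plain integer.
function validate_id(string $id): ?int {
    $n = filter_var($id, FILTER_VALIDATE_INT);
    return $n === false ? null : $n;
}

function build_query_validated(string $id): ?string {
    $n = validate_id($id);
    if ($n === null) {
        return null; // caller should answer with 400 / not found
    }
    // %d forces an integer into the SQL text, so no quoting is needed.
    return sprintf("SELECT * FROM letters WHERE id = %d", $n);
}

// Constructed sample inputs: a valid id, a non-numeric value with no quotes
// (untouched by addslashes), and a value with a quote (escaped, but still
// not an integer).
$inputs = ["42", "42 OR 1=1", "42'"];
foreach ($inputs as $in) {
    printf("input %-12s addslashes: %s\n", var_export($in, true),
           build_query_addslashes($in));
    printf("%-18s validated:  %s\n", '',
           build_query_validated($in) ?? 'REJECTED');
}

// With mysqli, a prepared statement binds the integer and keeps it out of the
// SQL text entirely (connection setup omitted; $mysqli is assumed to exist):
// $stmt = $mysqli->prepare("SELECT * FROM letters WHERE id = ?");
// $stmt->bind_param('i', $n);
// $stmt->execute();
```

Run from the command line, the first input yields the same query under both builders, while the other two pass addslashes() into the SQL text unchanged or merely escaped but are rejected by the validated builder.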