
Testing for a SQL injection

Posted: Thu Sep 09, 2010 1:38 pm
by Addos
I’m just learning and testing for security in some scripts and I was wondering if the following script has a weakness.

if (isset($_GET['id'])) {
  // Escape ', ", \ and NUL with addslashes() unless magic_quotes_gpc already did
  $colname_GetLetter = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']);
}
mysql_select_db($****, $*****);
// The %s placeholder is substituted without surrounding quotes
$query_GetLetter = sprintf("SELECT * FROM letters WHERE id = %s ", $colname_GetLetter);
If somebody tries to inject an SQL query, will (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']); catch it, or is it missing a test for an integer value too?

Re: Testing for a SQL injection

Posted: Thu Sep 09, 2010 1:49 pm
by Addos
I should add I'm aware of mysql_real_escape_string and its uses, but I'm just trying to get a grip on that specific code I posted. :wink:

Re: Testing for a SQL injection

Posted: Thu Sep 09, 2010 3:27 pm
by Jonah Bron
If you're passing an integer (which I see you are because you're not surrounding it with quotes), I don't think even mysql_real_escape_string needs to be used. Just be sure to clean it with intval().
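The point of the answer above, worked through as an added example that is not part of the original thread: addslashes() only escapes quote characters, so a payload that needs no quotes passes through it untouched and lands in the unquoted `%s` placeholder as live SQL. The script below uses Python's sqlite3 standing in for MySQL, a constructed `letters` table, and two small helpers that approximate PHP's addslashes() and intval() (they are this example's approximations, not PHP itself). It runs the posted query shape with the payload `1 OR 1=1`, then the intval() version Jonah Bron suggests, then a bound-parameter version as the general fix.

```python
"""Added example (not from the forum thread): why addslashes() does not protect
an unquoted integer placeholder, and what intval() or a bound parameter changes.
sqlite3 stands in for MySQL; the PHP-like helpers are approximations for the demo."""
import re
import sqlite3

# Constructed sample rows standing in for the poster's `letters` table.
SAMPLE_LETTERS = [(1, "first letter"), (2, "second letter"), (3, "third letter")]


def open_db():
    """Build an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE letters (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO letters VALUES (?, ?)", SAMPLE_LETTERS)
    return conn


def addslashes(value):
    """Approximates PHP addslashes(): backslash-escape ', ", \\ and NUL only."""
    return re.sub(r"(['\"\\\x00])", r"\\\1", value)


def intval(value):
    """Approximates PHP intval() on a string: optional sign plus leading digits,
    anything after them is dropped; non-numeric input becomes 0."""
    m = re.match(r"\s*([+-]?\d+)", value)
    return int(m.group(1)) if m else 0


def query_vulnerable(conn, user_id):
    """Mirrors the posted code: addslashes() then splice into an UNQUOTED %s.
    A payload with no quote characters is not modified at all."""
    sql = "SELECT * FROM letters WHERE id = %s" % addslashes(user_id)
    return conn.execute(sql).fetchall()


def query_intval(conn, user_id):
    """The suggested fix: coerce to an integer before splicing, so only the
    leading digits of the payload can ever reach the query."""
    sql = "SELECT * FROM letters WHERE id = %d" % intval(user_id)
    return conn.execute(sql).fetchall()


def query_parameterized(conn, user_id):
    """The general fix: bind the value; it is sent as data, never parsed as SQL."""
    return conn.execute("SELECT * FROM letters WHERE id = ?", (user_id,)).fetchall()


if __name__ == "__main__":
    conn = open_db()
    payload = "1 OR 1=1"
    print("addslashes leaves it unchanged:", addslashes(payload))
    print("vulnerable:", query_vulnerable(conn, payload))        # all three rows
    print("intval:", query_intval(conn, payload))                # only id 1
    print("parameterized:", query_parameterized(conn, payload))  # no rows
    print("parameterized, benign id:", query_parameterized(conn, "1"))
```

The vulnerable variant returns the whole table because the `OR 1=1` is appended as SQL, while intval() reduces the same input to `1` and the bound parameter treats the whole string as a value that matches nothing. Either of the latter two is fine for a single integer column; the bound-parameter form is the one that also generalizes to string columns, where intval() does not apply.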