From 1cba4665d60b048a2e4f9fc0d9de2438f0c6a3f0 Mon Sep 17 00:00:00 2001
From: Brian Nesbitt
Date: Sat, 4 Aug 2012 00:05:08 -0300
Subject: [PATCH] Added simple SQL injection example

Its possible (read: highly probable) newer developers will not understand a SQL injection vulnerability without a real example.
---
 _posts/06-01-01-Databases.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/_posts/06-01-01-Databases.md b/_posts/06-01-01-Databases.md
index 15f3df4..ad51706 100644
--- a/_posts/06-01-01-Databases.md
+++ b/_posts/06-01-01-Databases.md
@@ -36,8 +36,10 @@ $pdo = new PDO('sqlite:users.db');
 $pdo->query("SELECT name FROM users WHERE id = " . $_GET['id']); // <-- NO!
 {% endhighlight %}
-This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked in a heartbeat. Instead,
-you should sanitize the ID input using PDO bound parameters.
+This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked in a
+heartbeat. Just imagine if a hacker passes in an inventive `id` parameter by calling a URL like
+`http://domain.com/?id=1%3BDELETE+FROM+users`. This will set the `$id` variable to `id=1;DELETE FROM users`
+which will delete all of your users! Instead, you should sanitize the ID input using PDO bound parameters.
 {% highlight php %}