Programming Forums - View Single Post - Tutorial

Intimidat0r · Dec 10th, 2005, 6:33 PM

nice job.

did you mention that people can also use sql injection with getvars? like

stuff.php?id=1
stuff.php?id=1' OR '1'

also, i have a question, is it possible to inject sql using cookies? like if they have

"SELECT * FROM users WHERE username='".$_COOKIE['username']."'"

you could change the value of the cookie to contain sql in it.

just a few pointers

Dec 10th, 2005, 6:33 PM	#3
Intimidat0r Hobbyist Programmer Join Date: May 2005 Location: Don't know, but the padded walls are a nice touch. Posts: 126 Rep Power: 0	nice job. did you mention that people can also use sql injection with getvars? like stuff.php?id=1 stuff.php?id=1' OR '1' also, i have a question, is it possible to inject sql using cookies? like if they have "SELECT * FROM users WHERE username='".$_COOKIE['username']."'" you could change the value of the cookie to contain sql in it. just a few pointers __________________ Children in the dark cause accidents, and accidents in the dark cause children. http://www.ronincoders.org