If you have a website page named 'test' that has the following code:
[ASP.NET]
// untrusted query-string value, used as-is
sCid = Request.QueryString["cid"] as string;
// concatenated straight into the SQL text, so it is parsed as SQL, not as a value
sQry = "SELECT * FROM [MyTable] WHERE id=" + sCid + " ORDER BY id";
or [PHP]
// untrusted query-string value, used as-is
$cid = $_GET["cid"];
// concatenated straight into the SQL text, so it is parsed as SQL, not as a value
$qry = 'SELECT * FROM [MyTable] WHERE id=' . $cid . ' ORDER BY id';
What do you think will be the result of executing the query if I passed in the URL
/test?cid=1 UNION SELECT NULL FROM INFORMATION_SCHEMA.TABLES
The mentioned logic is far from secure, because of the SQL injection possibility you referred to. So my advice is to never use concatenation in SQL queries, e.g. "select * from table where id =" + idVar;, because it's so easy to pass in another injected SQL query. Instead you need to use bind variables / stored procedures, e.g. "select * from table where id = @id", after you set the value of the @id parameter.
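The following is an added, runnable illustration of both posts; it is not code from the question or the answer above. It reproduces the concatenated query and the UNION payload against an in-memory SQLite database, then runs the same input through the parameterised form the answer recommends. Two assumptions are mine: SQLite has no INFORMATION_SCHEMA, so its catalogue table sqlite_master stands in for INFORMATION_SCHEMA.TABLES, and [MyTable] is given two columns, because the outcome of the payload depends on the column count. A UNION only runs when both sides return the same number of columns; with a mismatch the database returns a parser error (SQL Server reports that queries combined with UNION must have an equal number of expressions, SQLite says much the same), and that error is precisely the feedback an attacker uses to count the columns before swapping NULL for real column names.

```python
import sqlite3

# Constructed sample data standing in for the question's [MyTable]; the
# extra Secrets table exists only so the injected UNION has something to find.
SCHEMA = """
CREATE TABLE MyTable (id INTEGER PRIMARY KEY, name TEXT);
INSERT INTO MyTable (id, name) VALUES (1, 'alice'), (2, 'bob');
CREATE TABLE Secrets (token TEXT);
"""

# Assumption of this demo: sqlite_master (SQLite's catalogue table) stands in
# for INFORMATION_SCHEMA.TABLES, which SQLite does not have.
CATALOGUE = "sqlite_master"
PAYLOAD_ONE_COLUMN = f"1 UNION SELECT NULL FROM {CATALOGUE}"          # as in the question
PAYLOAD_TWO_COLUMNS = f"1 UNION SELECT NULL, NULL FROM {CATALOGUE}"   # column count fixed up
PAYLOAD_LEAK = f"1 UNION SELECT name, sql FROM {CATALOGUE}"           # pull table names and DDL


def open_db():
    """Fresh in-memory database loaded with the constructed sample schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def query_concatenated(conn, cid):
    """The vulnerable pattern from the question: cid is pasted into the SQL text,
    so anything after the number is parsed as SQL rather than compared as a value."""
    qry = "SELECT * FROM MyTable WHERE id=" + cid + " ORDER BY id"
    return conn.execute(qry).fetchall()


def probe(conn, cid):
    """Run the concatenated query and report either the rows or the parser error.
    The error is exactly the feedback an attacker uses to count the columns."""
    try:
        return ("rows", query_concatenated(conn, cid))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


def query_parameterised(conn, cid):
    """The fix the answer recommends: cid is bound as a value ('@id' in ADO.NET,
    '?' in sqlite3), so the UNION text is compared against id and never parsed."""
    qry = "SELECT * FROM MyTable WHERE id=? ORDER BY id"
    return conn.execute(qry, (cid,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    print(probe(db, "1"))                        # ('rows', [(1, 'alice')])
    print(probe(db, PAYLOAD_ONE_COLUMN))         # ('error', '...same number of result columns')
    print(probe(db, PAYLOAD_TWO_COLUMNS))        # ('rows', [(None, None), (1, 'alice')])
    print(probe(db, PAYLOAD_LEAK))               # catalogue rows appended to the real result
    print(query_parameterised(db, PAYLOAD_LEAK)) # [] : the payload is just a non-matching value
    print(query_parameterised(db, "2"))          # [(2, 'bob')]
```

Note what the parameterised version does with the payload: it does not reject it, it simply compares the whole string against id and finds no row. Input validation (an integer parse, or a typed @id parameter in ADO.NET) is still worth adding for cleaner error handling, but the injection is closed by the binding alone.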