[VIM] On SQL injection and PHP mysql_query...

Steven M. Christey coley at linus.mitre.org
Mon Jun 26 16:58:58 EDT 2006


On Mon, 26 Jun 2006, Sullo wrote:

> Won't it allow you to use a union, such as:
>   'union select ...' when injected into $limit?

My understanding is that the union has to happen before the order by...

Although information in this postgresql post suggests that you might have
a chance by using parentheses...

  http://archives.postgresql.org/pgsql-sql/2003-09/msg00406.php

although you'd probably need to get in an opening parenthesis somehow, and
maybe that's postgresql-specific.

and here's a mysql comment on order by within parentheses for unions:

  http://bugs.mysql.com/bug.php?id=11877

- Steve


More information about the VIM mailing list