[VIM] On SQL injection and PHP mysql_query...
Steven M. Christey
coley at linus.mitre.org
Mon Jun 26 16:58:58 EDT 2006
On Mon, 26 Jun 2006, Sullo wrote:
> Won't it allow you to use a union, such as:
> 'union select ...' when injected into $limit?
My understanding is that the union has to happen before the ORDER BY...
Although information in this PostgreSQL post suggests that you might have
a chance by using parentheses...
although you'd probably need to get in an opening parenthesis somehow, and
maybe that's PostgreSQL-specific.
And here's a MySQL comment on ORDER BY within parentheses for unions:
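Added example, not part of the original message or of any project discussed in the thread: whether a UNION is accepted after ORDER BY ... LIMIT depends on the database engine's grammar, so the dependable fix is to validate the limit value before it reaches the query. The sketch uses Python's sqlite3 as a stand-in for PHP/MySQL; the table names, `MAX_LIMIT`, and all function names are assumptions made for illustration.

```python
import sqlite3

MAX_LIMIT = 100  # assumed upper bound on page size (hypothetical policy)

def make_db():
    """Build a constructed in-memory database for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE posts(id INTEGER, title TEXT);
        CREATE TABLE users(name TEXT, pw TEXT);
        INSERT INTO posts VALUES (1, 'a'), (2, 'b'), (3, 'c');
        INSERT INTO users VALUES ('admin', 'constructed-secret');
    """)
    return db

def list_posts_unsafe(db, limit):
    # The 'before' pattern from the thread: a request value concatenated
    # into the statement after ORDER BY ... LIMIT.
    sql = "SELECT id, title FROM posts ORDER BY id LIMIT " + limit
    return db.execute(sql).fetchall()

def clean_limit(raw):
    """Accept only a plain decimal integer within 1..MAX_LIMIT."""
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("limit must be a decimal integer")
    n = int(raw)
    if not 1 <= n <= MAX_LIMIT:
        raise ValueError("limit out of range")
    return n

def list_posts_safe(db, limit):
    # Validated integer, bound as a parameter rather than concatenated.
    sql = "SELECT id, title FROM posts ORDER BY id LIMIT ?"
    return db.execute(sql, (clean_limit(limit),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    probe = "1 UNION SELECT name, pw FROM users"  # constructed test input
    try:
        list_posts_unsafe(db, probe)
    except sqlite3.OperationalError as exc:
        # SQLite's grammar refuses a UNION placed after ORDER BY/LIMIT,
        # but that is an engine property, not a defence in the application.
        print("unsafe path, engine rejected statement:", exc)
    try:
        list_posts_safe(db, probe)
    except ValueError as exc:
        print("safe path, rejected before reaching the engine:", exc)
    print(list_posts_safe(db, "2"))
```

In the unsafe function the statement is rejected only because of SQLite's parser, which is the kind of engine-specific behaviour the thread is debating; the validated version does not depend on it.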