[VIM] On SQL injection and PHP mysql_query...

Steven M. Christey coley at linus.mitre.org
Mon Jun 26 16:58:58 EDT 2006

On Mon, 26 Jun 2006, Sullo wrote:

> Won't it allow you to use a union, such as:
>   'union select ...' when injected into $limit?

My understanding is that the union has to happen before the order by...

Although information in this postgresql post suggests that you might have
a chance by using parentheses...


although you'd probably need to get in an opening parenthesis somehow, and
maybe that's postgresql-specific.

and here's a mysql comment on order by within parentheses for unions:


- Steve

More information about the VIM mailing list