PHP / MYSQL - sql injection

From: bob (bob_at_nospam.org)
Date: 08/29/04


Date: Sun, 29 Aug 2004 17:18:00 +0200

Hi,

I've got a search form on my website (1 field for the search query).
I'm getting results via the SQL query: select * from my_table where
my_column like 'my_keyword';
As the keyword is typed by any internet user, is there a way to inject SQL
in this query?
Can it be dangerous?
Can anyone give me doc links about that?

thx in advance,

--
bob
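
The query from the post, built two ways, as an added example that is not part of bob's message: once by string concatenation and once with a bound parameter. Assumptions: the page shows no PHP, so concatenation is assumed; PDO with an in-memory SQLite database stands in for MySQL so the script runs offline; the function names, the sample rows and the surrounding `%` wildcards are constructed for illustration.

```php
<?php
// Constructed sample data; SQLite in memory stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE my_table (my_column TEXT)");
$pdo->exec("INSERT INTO my_table VALUES
            ('O''Reilly books'), ('100% cotton'), ('1000 pieces')");

// Unsafe (hypothetical helper): the keyword is pasted into the SQL text,
// so any quote character in it is parsed as SQL syntax, not as data.
function search_unsafe(PDO $pdo, string $keyword): array
{
    $sql = "SELECT my_column FROM my_table
            WHERE my_column LIKE '%" . $keyword . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe (hypothetical helper): the SQL text is fixed and the keyword is
// bound as a value. LIKE wildcards typed by the user are escaped as well,
// using '!' as the escape character (accepted by both MySQL and SQLite).
function search_safe(PDO $pdo, string $keyword): array
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keyword);
    $stmt = $pdo->prepare(
        "SELECT my_column FROM my_table
         WHERE my_column LIKE ? ESCAPE '!'"
    );
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// An ordinary surname is enough to show the difference: the apostrophe
// ends the string literal early in the concatenated query.
foreach (["O'Reilly", "100%"] as $keyword) {
    echo "keyword: $keyword\n";
    try {
        echo "  concatenated: " . json_encode(search_unsafe($pdo, $keyword)) . "\n";
    } catch (PDOException $e) {
        echo "  concatenated: query rejected (" . $e->getMessage() . ")\n";
    }
    echo "  bound:        " . json_encode(search_safe($pdo, $keyword)) . "\n";
}
```

The second keyword shows the LIKE-specific point: binding keeps the input out of the SQL syntax, but `%` and `_` still act as wildcards inside the pattern unless they are escaped.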

