SQL injection and Quote escaping

Discussion in 'Ethical hacking' started by tradesun, Jun 28, 2015.

  1. tradesun

    Jun 28, 2015
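    // Value taken directly from the query string
    $name = $_GET['name'];
    // Interpolated into the SQL text (the pattern being asked about)
    $query = "SELECT * FROM table WHERE name = '{$name}'";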

    Is there any way to exploit this kind of code,
    considering that it is part of a WordPress app (which means quotes are being escaped)
    so stuff like this will not work - Page.php?name='; drop table table;
    (PHP and MySQL)

    I read about a vulnerability only on the GBK charset - let's say it uses a different charset.

    Does it mean that it is completely safe - can anyone exploit it?
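
The lookup from the post, rewritten with a bound parameter instead of string interpolation, so its safety no longer depends on quote escaping or the connection charset. This is an added example, not part of the original thread; it assumes PDO with the SQLite driver, and the `people` table, its rows and the function names are constructed for the demo.

```php
<?php
// Added example: the lookup from the post, with the value bound as a parameter.
// Table name `people`, the sample rows and the helper names are constructed.
declare(strict_types=1);

function open_demo_db(): PDO
{
    // In-memory SQLite keeps the demo offline. For MySQL, declare the charset in
    // the DSN (e.g. "mysql:host=...;dbname=...;charset=utf8mb4") and set
    // PDO::ATTR_EMULATE_PREPARES to false so the server binds the value.
    $db = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $db->exec("INSERT INTO people (name) VALUES ('alice'), ('o''brien')");
    return $db;
}

function find_by_name(PDO $db, string $name): array
{
    // The SQL text is fixed; $name travels separately and is never parsed as SQL.
    $stmt = $db->prepare('SELECT id, name FROM people WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = open_demo_db();

// Constructed inputs: a normal name, a name containing a quote, and the
// string quoted in the post.
$inputs = ['alice', "o'brien", "'; drop table table;"];
foreach ($inputs as $input) {
    $rows = find_by_name($db, $input);
    printf("%-24s -> %d row(s)\n", json_encode($input), count($rows));
}

// Count the rows again to confirm the table is intact after all three lookups.
$total = (int) $db->query('SELECT COUNT(*) FROM people')->fetchColumn();
printf("rows in people: %d\n", $total);
```

In WordPress code the same binding is done with `$wpdb->prepare()` and a `%s` placeholder.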