SQL Injection Help - PHP

Question

I've created a simple table and php codes to inject it : here is my php codes :

<?php
$link = mysql_connect("localhost","root","");
mysql_select_db("test",$link);
$id = @$_GET["id"];
if($id != ""){
    mysql_query("delete from students where id=" .$id,$link);
}
?>

As id in link bar I intered :

1 ; drop table students ;

But it didn't work. What is the problem ? thanks

The search can do [magic](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) — Alma Do, Sep 10 '13 at 11:54

score 0 · Answer 1 · answered Sep 10 '13 at 12:01

0

Because mysql_query doesn't support this particular kind of injection

answered Sep 10 '13 at 12:01

Your Common Sense

156,878
40
214
345

So how can I inject this ? – Mohsen Nemati Sep 10 '13 at 12:12
1

Just **don't** inject anything. – Your Common Sense Sep 10 '13 at 12:17

score 0 · Answer 2 · answered Nov 21 '13 at 16:28

mysql_query() sends a unique query (multiple queries are not supported) to the currently active database on the server that's associated with the specified

http://us3.php.net/manual/en/function.mysql-query.php

So
drop table students;

never gonna be executed

SQL Injection Help - PHP

2 Answers2