-1

I have simple question. I did GET form search to get ID of a show, so after code is executed, the url looks like this:

...show.php?showid=inserted number

So, is it possible to drop all tables only because I used GET method, and therefore, should I use POST?

Thanks in advance!

CyFeed
  • 3
  • 3
  • 1
    SQL injection can occur from GET as well as POST requests. EDIT: It depends entirely on the code that processes the request. – Alexis Murray Feb 13 '15 at 22:52
  • I see, well it's seems I'll have to study more about that. Okay thank you, just wasn't sure, that's all. – CyFeed Feb 13 '15 at 23:05
  • This is the canonical explanation here on SO of how to prevent SQL injection: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Andy Lester Feb 13 '15 at 23:12

1 Answers1

0

"This is the canonical explanation here on SO of how to prevent SQL injection: stackoverflow.com/questions/60174/… – Andy Lester Feb 13 at 23:12"

Thanks. I'm not sure how to post comment as an answer, but this satisfied me. I tried SQL injection into my table, but probably not related one:' or '1'='1

And I get this: 

403
Forbidden
Access to this resource on the server is denied!

So that's all. Thank you guys once again.

Community
  • 1
  • 1
CyFeed
  • 3
  • 3