Search found 2 matches

Return to advanced search

Re: sql injection with magic quotes on

good idea. I read up a bit but I couldn't actually get the unicode to translate to it's char. It would come out as the literal U+0027 or N0027. Do you have any tips on out to get it to parse the unicode or how to inject unicode SQL?

-- Wed Dec 09, 2009 10:35 pm --

bump.
by whizzle
on Thu Nov 26, 2009 3:11 am
 
Forum: General
Topic: sql injection with magic quotes on
Comments: 2
Views: 7836

sql injection with magic quotes on

magic quotes: http://www.php.net/manual/en/info.confi ... quotes-gpc

Is there a way to sql inject a system that has magic quotes enabled? Entering
x' OR 1=1--
in a form outputs
x\' OR 1=1--
which obviously doesn't work.

Any ideas?
by whizzle
on Mon Nov 23, 2009 6:00 am
 
Forum: General
Topic: sql injection with magic quotes on
Comments: 2
Views: 7836

Return to advanced search