There's any way to bypass it in this query ? :
$sql = sprintf("SELECT COUNT(`login`) FROM `accounts` WHERE `login` = '%s' AND `email` = '%s';",[b]mysql_real_escape_string[/b]($login),mysql_real_escape_string($email)
Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts
[Php]Bypass Mysql_Real_Escape_String
Started by
scuarplex
, Dec 29 2010 03:54 AM
No replies to this topic
#1
scuarplex
-
- Members
-
- 9 posts
Private
Posted 29 December 2010 - 03:54 AM
According to what i've been googling, mysql_real_escape_string is bypasseable in some cases by encoding the filtered characters with CHAR, or when the query is using " instead of '.
There's any way to bypass it in this query ? :
There's any way to bypass it in this query ? :
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
