Tag: sql-injection

Escaping user input necessary if using json_encode?

If I take some input from a user in $_POST and json_encode it and put it in the query Is this prone to SQL injection? Does this input need to be escaped? In my tests, I couldn’t run any queries with input like but I’m not even remotely good at this. PS – This is a test for learning. I’…

Blind SQL Injection using acunetix

I’m using Acunetix to test my website. The problem is with this script: http://boedesign.com/blog/2007/02/18/ajax-star-rating/ Acunetix doesn’t show any message, but when I test for blind SQL I can get values like in the rating_id MySQL column. I want to only allow numbers in there, so I made a lit…