0

Hey, I'm currently using mysql_real_escape_string() to protect against SQL injection. Is there a way to exploit this? I have already tried \ to try to make the query \\', thus making it just a regular backslash. I have heard of the Big5 exploit, but I don't know how to use it / protect against it.

Thanks so much, Glut.

0

I think the Big5 exploit is for db using charset Big5. So, if you're not using Big5, you probably won't need to worry about it.

The mysql_real_escape_string() should escape the backslash and escape the single quote again, so \' becomes \\\'. Can't see why this isn't working for you.

0

I think the Big5 exploit is for db using charset Big5. So, if you're not using Big5, you probably won't need to worry about it.

The mysql_real_escape_string() should escape the backslash and escape the single quote again, so \' becomes \\\'. Can't see why this isn't working for you.

Oh, that's why the Big5 exploit didn't work. So, if I'm not using Big5 character encoding, will the mysql_real_escape_string() still work against all SQL injection attacks for my website?
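On the "protect against it" part of the question, an added example that is not code from any poster in this thread: the escaping routine depends on the connection charset being set through the API, and it only protects values placed inside quoted string literals. The sketch uses mysqli because the old mysql_* extension was removed in PHP 7; the credentials, database, table and column names are placeholders.

```php
<?php
// Added example; host, credentials, database, table and columns are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function open_db(): mysqli
{
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    // Set the charset through the API, not with a "SET NAMES" query, so the
    // client library and its escaping routine agree with the server on the
    // connection charset. This is the precondition for escaping to be
    // reliable with multi-byte charsets such as Big5.
    $db->set_charset('utf8mb4');
    return $db;
}

// Escaping is only meaningful inside a quoted string literal.
function find_by_name_escaped(mysqli $db, string $name): array
{
    $safe = $db->real_escape_string($name);
    $res  = $db->query("SELECT id, name FROM users WHERE name = '$safe'");
    return $res->fetch_all(MYSQLI_ASSOC);
}

// Escaping does nothing for a value that is not quoted (numeric ids, LIMIT,
// ORDER BY), so validate the type instead of escaping.
function find_by_id_validated(mysqli $db, $id): array
{
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $res = $db->query("SELECT id, name FROM users WHERE id = $id");
    return $res->fetch_all(MYSQLI_ASSOC);
}

// Prepared statement: values travel separately from the SQL text, so neither
// quoting nor the charset of the value can change the query structure.
function find_user_prepared(mysqli $db, string $name, int $minId): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ? AND id >= ?');
    $stmt->bind_param('si', $name, $minId);
    $stmt->execute();
    // get_result() needs the mysqlnd driver.
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}
```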
