+https://stackoverflow.com/questions/5610715/how-to-secure-request
ใช้ได้
$some_id = intval($_REQUEST['some_id']);
| User name | Password | SQL Query |
|---|---|---|
| tom | tom | SELECT * FROM users WHERE name=’tom’ and password=’tom’ |
| tom | ‘ or ‘1’=’1 | SELECT * FROM users WHERE name=’tom’ and password=” or ‘1’=’1′ |
| tom | ‘ or 1=’1 | SELECT * FROM users WHERE name=’tom’ and password=” or 1=’1′ |
| tom | 1′ or 1=1 — – | SELECT * FROM users WHERE name=’tom’ and password=” or 1=1– -‘ |
| ‘ or ‘1’=’1 | ‘ or ‘1’=’1 | SELECT * FROM users WHERE name=” or ‘1’=’1′ and password=” or ‘1’=’1′ |
| ‘ or ‘ 1=1 | ‘ or ‘ 1=1 | SELECT * FROM users WHERE name=” or ‘ 1=1’ and password=” or ‘ 1=1’ |
| 1′ or 1=1 — – | blah | SELECT * FROM users WHERE name=’1′ or 1=1 — -‘ and password=’blah’ |