I know the basics of SQL Injection and how to avoid it. I know my code is vulnerable, but I'm trying to inject SQL and it is not working. This is about knowing HOW it is vulnerable, because in practice, I cannot do it.
This is the code:
    // $db is an existing PDO connection (not shown in the question).
    // filter_input() with no filter argument applies FILTER_DEFAULT, which returns the raw string unchanged.
    $email = filter_input(INPUT_GET, 'email');
    if ($email != '') {
        try {
            // Vulnerable on purpose: $email is interpolated straight into the SQL string.
            $stm1 = $db->query("SELECT * from clients WHERE email = '$email'");
            $result = $stm1->fetchAll();
        } catch (Exception $ex) {
            echo $ex->getMessage();
        }
    }
I'm trying to inject via this input
<input id="textinput" name="email" type="text">
and I'm using code like:
'; UPDATE clients set status = 0 WHERE client_id = 1
Note that this is a valid SQL Query.
My real questions are:
- Is filter_input preventing anything in this case?
- Does PDO's query() function ONLY allow ONE statement?
- If this is not vulnerable in this case, are there any other cases where it would be vulnerable?
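The following is an added example, not code from the question; it uses Python's sqlite3 module as a stand-in for PHP/PDO because the mechanics are the same at the SQL level, while the multi-statement behaviour of each driver differs (sqlite3's execute() accepts exactly one statement, executescript() accepts several). The table layout, the sample rows, and the function names are constructed for the example. It builds the same interpolated query as the question and shows three things: the question's payload leaves the original closing quote dangling after the UPDATE, so the SQL is malformed; once the quote is absorbed the stacked UPDATE runs wherever the driver permits several statements; and a single-statement payload needs no stacking at all, which is why the parameterized query is the only real fix.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the 'clients' table in the question."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE clients (client_id INTEGER PRIMARY KEY, email TEXT, status INTEGER)"
    )
    db.executemany(
        "INSERT INTO clients VALUES (?, ?, ?)",
        [(1, "alice@example.com", 1), (2, "bob@example.com", 1)],
    )
    db.commit()
    return db


def build_query(email):
    """Same interpolation as the PHP in the question: the input lands inside the quotes."""
    return f"SELECT * FROM clients WHERE email = '{email}'"


def run_interpolated(db, email):
    """Run the interpolated string through execute(), which accepts one statement only.

    Returns ("rows", list) on success or ("error", exception class name) on failure,
    so the caller can see why a payload did or did not work. A second statement
    is rejected with ProgrammingError (older Python versions raise sqlite3.Warning).
    """
    try:
        return ("rows", db.execute(build_query(email)).fetchall())
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return ("error", type(exc).__name__)


def run_interpolated_stacked(db, email):
    """Run the same string through executescript(), which permits stacked statements.

    Models a driver or connection that allows several statements per call.
    Returns the exception class name, or None if every statement ran.
    """
    try:
        db.executescript(build_query(email))
        db.commit()
        return None
    except sqlite3.Error as exc:
        return type(exc).__name__


def run_parameterized(db, email):
    """The fix: the value is bound separately, so quotes inside it are only data."""
    return db.execute("SELECT * FROM clients WHERE email = ?", (email,)).fetchall()


def status_of(db, client_id):
    row = db.execute("SELECT status FROM clients WHERE client_id = ?", (client_id,)).fetchone()
    return row[0]


# The payload from the question, unchanged. The query's own closing quote is appended
# after it, so the UPDATE ends in a stray ' and the whole string fails to parse.
PAYLOAD_QUESTION = "'; UPDATE clients set status = 0 WHERE client_id = 1"

# Same payload with the stray quote absorbed into a harmless condition, so the
# string parses as two complete statements. A trailing comment ("-- " or "#" on
# MySQL) is the other usual way to neutralise that quote.
PAYLOAD_STACKED = "'; UPDATE clients set status = 0 WHERE client_id = 1 AND '' = '"

# No second statement at all: the injection only rewrites the SELECT's WHERE clause,
# so it works even where the driver refuses stacked queries.
PAYLOAD_SINGLE = "' OR '1' = '1"


if __name__ == "__main__":
    db = make_db()
    print(build_query(PAYLOAD_QUESTION))
    print(run_interpolated(db, PAYLOAD_QUESTION))
    print(run_interpolated_stacked(db, PAYLOAD_QUESTION), status_of(db, 1))
    print(run_interpolated_stacked(db, PAYLOAD_STACKED), status_of(db, 1))
    print(run_interpolated(db, PAYLOAD_SINGLE))
    print(run_parameterized(db, PAYLOAD_SINGLE))
```

Run it and compare the printed query with the one PDO would send: the first print ends in `client_id = 1'`, which is the part the question's "valid SQL query" remark overlooks. Whether the stacked form then executes depends entirely on the driver and connection settings, which is the point of the two run functions; the `' OR '1' = '1` case shows that a single-statement restriction narrows what an attacker can do but does not make the interpolation safe.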