<?php
function escape_string($s)
{
$r = ''; for($i=0;@$s[$i];$i++)
{
if($s[$i]!='\'')
if($s[$i]!='"')
if($s[$i]!='\\')
if($s[$i]!="\n")
if($s[$i]!="\r")
if($s[$i]!="\x1a")
{
$r .= $s[$i];
continue;
}
$r .= '?';
}
return $r;
}
$password = '\' or \"1\"=\"1\"';
$password = escape_string($password);
$query = "select 1 from auth where password='{$password}'";
echo($query);
?>
- Output for 5.2.10 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.40, 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
- select 1 from auth where password='? or ??1??=??1??'
- Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.9
- Notice: Uninitialized string offset: 16 in /in/qk6is on line 5
select 1 from auth where password='? or ??1??=??1??'
preferences:
327.67 ms | 402 KiB | 459 Q