sql injection

Exploiting SQL Injection in ORDER BY on Oracle

Consider the following piece of code:

$sql = "SELECT something FROM some_table WHERE id=? ORDER BY $column_name";

The WHERE clause is parametrized, but the ORDER BY isn't. This pattern is common, because bind parameters can only carry values, not identifiers such as column names. Assuming that $column_name comes from user input, this code is vulnerable to SQL injection.
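Since the column name cannot be bound as a parameter, the usual fix is an allowlist that maps client-supplied sort keys to fixed column identifiers. The following is an added example (not code from the original post), written in Python with an in-memory SQLite database standing in for Oracle; the table and column names are assumptions.

```python
import sqlite3

# Allowlist mapping from the sort keys a client may send to the real
# column identifiers. Identifiers cannot be bound as parameters, so this
# lookup is what keeps the ORDER BY clause under application control.
# (Constructed example; table and column names are assumptions.)
ORDERABLE_COLUMNS = {
    "name": "name",
    "created": "created_at",
}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def vulnerable_query(column_name):
    """The pattern from the post: user input interpolated into ORDER BY."""
    return f"SELECT name FROM some_table WHERE id=? ORDER BY {column_name}"


def build_query(column_name, direction="asc"):
    """Return the SQL text with a safe ORDER BY.

    The WHERE value stays a bind parameter (?); the ORDER BY column and
    direction are taken only from the allowlists above, so no user text
    ever reaches the SQL string.
    """
    try:
        column = ORDERABLE_COLUMNS[column_name]
        order = DIRECTIONS[str(direction).lower()]
    except KeyError:
        raise ValueError("unsupported sort column or direction")
    return f"SELECT name FROM some_table WHERE id=? ORDER BY {column} {order}"


def fetch_sorted(conn, row_id, column_name, direction="asc"):
    """Run the allowlisted query, binding row_id as the only parameter."""
    sql = build_query(column_name, direction)
    return [row[0] for row in conn.execute(sql, (row_id,))]


def demo_db():
    """In-memory SQLite with constructed rows (stands in for Oracle here)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE some_table (id INTEGER, name TEXT, created_at TEXT)"
    )
    conn.executemany("INSERT INTO some_table VALUES (?, ?, ?)", [
        (1, "beta", "2020-02-01"),
        (1, "alpha", "2020-03-01"),
        (2, "gamma", "2020-01-01"),
    ])
    return conn
```

Unknown sort keys are rejected before any SQL is built, which is the check the original snippet lacks.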
