MySQL Encoded query, no space

Ayumu

New Member
I would like to know if it is possible to create a request with no spaces with MySQL?

I tested the security of my own website, and I've put in:
[code]str_replace(" ", "", $_POST['id']);[/code]
All SQL injection becomes:
[code]id=-1 UNION SELECT pass...[/code]
after str_replace:
[code]-1UNIONSELECTpass[/code]
Would that give me a high level of security on my own website? Are there other ways to inject SQL into a query?

I've already put a mysql_real_escape_string() on the query.
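An added example, not part of the original post: server-side handling of a numeric `id` with strict integer validation and a bound parameter, fed the two strings quoted in the post. The tables, rows and the helper names `parse_id` and `find_article` are constructed for illustration, and it assumes PDO with the SQLite driver so it runs offline (the same `prepare`/`bindValue` calls apply with the PDO MySQL driver).

```php
<?php
// Constructed schema and data in an in-memory SQLite database (assumption for the demo).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec('CREATE TABLE users (name TEXT, pass TEXT)');
$pdo->exec("INSERT INTO articles VALUES (1, 'Hello'), (2, 'World')");
$pdo->exec("INSERT INTO users VALUES ('admin', 'constructed-secret')");

// Hypothetical helper: accept only a positive integer id, reject anything else.
function parse_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: the value is bound as a parameter and never becomes SQL text.
function find_article(PDO $pdo, $id): array
{
    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, is_int($id) ? PDO::PARAM_INT : PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// One legitimate id plus the two strings quoted in the post, copied verbatim.
$inputs = ['2', '-1 UNION SELECT pass...', '-1UNIONSELECTpass'];

foreach ($inputs as $raw) {
    // Layer 1: type validation. Non-integers never reach the database.
    $id = parse_id($raw);
    $validated = $id === null ? 'rejected' : count(find_article($pdo, $id)) . ' row(s)';

    // Layer 2: even if the raw string is passed through, binding treats it as
    // a single value compared against the id column, not as query syntax.
    $boundRows = count(find_article($pdo, $raw));

    printf("%-28s validated: %-9s bound as string: %d row(s)\n",
        var_export($raw, true), $validated, $boundRows);
}
```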
 