SQL Injection Vulnerability through addslashes()
In PHP, the addslashes() function is used to escape special characters in a string. However, relying on it as the only defence has been known to leave applications open to SQL injection attacks.
Example 1
Consider the following SQL statement:
SELECT * FROM users WHERE username = '$username'
If the $username variable is taken from user input, an attacker can supply a value containing a single quote character ('), such as:
admin' OR 1=1
This will result in the following SQL statement:
SELECT * FROM users WHERE username = 'admin\' OR 1=1'
The addslashes() function escapes the single quote character, but it leaves the rest of the value, including the space-separated OR 1=1 clause, untouched. As a result, the SQL statement is executed as the attacker intended, and the attacker is able to gain access to the admin account.
Example 2
Another example of an SQL injection vulnerability through addslashes() involves a multibyte character set in which 0x5c (backslash) is a valid trailing byte. The backslash that addslashes() inserts is absorbed into a valid multibyte character instead of escaping the single quote that follows it.
SELECT * FROM users WHERE username = '$username'
If the $username variable contains a multibyte lead byte followed by a single quote, addslashes() inserts a backslash (\x5c) in front of the quote, producing the byte sequence:
<lead byte>\x5c\x27
The database decodes the value in its multibyte character set and reads <lead byte>\x5c as one character, so the backslash no longer escapes the quote. This results in the following SQL statement, in which the \x27 quote closes the string literal early:
SELECT * FROM users WHERE username = '<lead byte>\x5c'
Whatever follows that quote is then parsed as SQL rather than as part of the username, so the statement is executed as the attacker intended and the attacker is able to gain access to the database.
Conclusion
The addslashes() function should not be used to prevent SQL injection attacks. Instead, developers should use a charset-aware function such as mysql_real_escape_string() or PDO::quote(), with the connection character set set through the database driver rather than assumed, or better still parameterised queries, which keep data out of the SQL text entirely.
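The multibyte bypass from Example 2 and the charset-aware escaping recommended above, as an added example that is not code from the original article: it reimplements addslashes() at byte level in Python, assumes the database connection character set is GBK (where 0x5c is a valid trailing byte), and the helper names are hypothetical.

```python
from typing import List, Optional

def addslashes(data: bytes) -> bytes:
    """Byte-level reimplementation of PHP addslashes(): inserts 0x5c before
    ' " and \\ and turns NUL into \\0. It never considers the character set."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C):      # ' " \
            out += b"\\" + bytes([b])
        elif b == 0x00:
            out += b"\\0"
        else:
            out.append(b)
    return bytes(out)

def unescaped_quotes(escaped: bytes, charset: str) -> List[int]:
    """Decode the escaped bytes as a server using `charset` would and return
    positions of single quotes with no escaping backslash before them."""
    text = escaped.decode(charset, errors="replace")
    hits, pending_escape = [], False
    for i, ch in enumerate(text):
        if pending_escape:               # character consumed by a backslash
            pending_escape = False
        elif ch == "\\":
            pending_escape = True
        elif ch == "'":
            hits.append(i)               # this quote can close the literal
    return hits

def escape_charset_aware(data: bytes, charset: str) -> Optional[bytes]:
    """Escape at character level in the connection charset (how a charset-aware
    escaper such as mysqli_real_escape_string() behaves once the charset is set).
    Input that is not valid in that charset yields None so the caller rejects it."""
    try:
        text = data.decode(charset)      # strict: b"\xbf'" is malformed GBK
    except UnicodeDecodeError:
        return None
    for raw, esc in (("\\", "\\\\"), ("'", "\\'"), ('"', '\\"'), ("\0", "\\0")):
        text = text.replace(raw, esc)
    return text.encode(charset)

if __name__ == "__main__":
    # Constructed sample: GBK lead byte 0xbf followed by a quote (assumed charset GBK).
    payload = b"\xbf'"
    print(addslashes(payload))                           # b"\xbf\\'"
    print(unescaped_quotes(addslashes(payload), "gbk"))  # [1]: quote survives escaping
    print(escape_charset_aware(payload, "gbk"))          # None: malformed input rejected
```

Under UTF-8 the same escaped bytes contain no unescaped quote, which is why the bypass depends on a charset mismatch between the escaping code and the connection.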
The above is the detailed content of Is `addslashes()` in PHP Sufficient to Prevent SQL Injection Attacks?. For more information, please follow other related articles on the PHP Chinese website!