am Tue, dem 22.07.2008, um 12:50:31 +0300 mailte Teemu Juntunen folgendes: > Hi, First, don't hijack other threads! > > is it possible to make a SELECT query with some nasty follow up commands, > which damages the database. > > Something like: > > SELECT *,(DROP DATABASE enterprise) AS roger FROM sales WHERE sales > > (UPDATE order SET order=1); > > I know this wont work, but is there some possibility to modify database > with SELECT query? Sure, with sql-injection. There are a lot to read via google, for instance http://en.wikipedia.org/wiki/SQL_injection HTH, Andreas -- Andreas Kretschmer Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header) GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net
