The SAMATE Project, NIST, Department of Homeland Security


Test Case ID: 1942 (Candidate)
Bad / Good / Mixed: Bad (bad test case)
Author:
Associations: Test suite: 31
Added by: Romain Gaucher
Language: PHP
Type of test case: Source Code
Input string: [POST] q = Marcel Proust\' OR 1=1--
Expected Output: q = Marcel Proust\\\' OR 1=1--
Instructions:
Submission date: 2007-03-08
Description: The test case shows an SQL injection in a PHP script. The defense mechanism escapes the characters that are dangerous in the SQL query, such as \', \", etc.
File(s)
Flaw


File Contains:
CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') on line(s): 52, 60