Stacked queries: executing more than one query in one transaction.
Is executing multiple SQL statements at a time a stacked query?
I saw an article saying that PHP+MySQL does not support stacked queries; however, an SQL statement such as:
SELECT * FROM members; DROP members
can obviously be executed in MySQL.
Do I have the wrong idea?
Reply content:
The database certainly supports stacked queries, but it does not necessarily work when PHP executes the SQL statements.
For details, please refer to the following two articles:
- Stacked Queries
- SQL Injection Cheat Sheet
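
The distinction the reply draws, between what the database accepts and what the client API call will run, shown as an added example that is not part of the original post. It uses Python's built-in `sqlite3` module as a stand-in for PHP and MySQL (an assumption made so the code runs offline); the table contents, the input string and the function names are constructed for illustration.

```python
import sqlite3

# Constructed input: a value that tries to append a second statement.
STACKED_INPUT = "x'; DROP TABLE members; --"

def make_db():
    """In-memory database with a constructed members table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO members (name) VALUES ('alice')")
    return conn

def table_exists(conn):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'members'"
    ).fetchone()
    return row is not None

def build_sql(name):
    # Deliberately unsafe string building, to show what each API does with it.
    return "SELECT id FROM members WHERE name = '%s'" % name

def single_statement_call(conn, name):
    """execute() accepts one statement; a stacked string is refused by the driver."""
    try:
        conn.execute(build_sql(name)).fetchall()
        return "executed"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return "rejected"

def multi_statement_call(conn, name):
    """executescript() runs every statement in the string, stacked ones included."""
    conn.executescript(build_sql(name))
    return "executed"

def parameterized_call(conn, name):
    """Bound parameter: the input stays data, so there is no second statement."""
    return conn.execute("SELECT id FROM members WHERE name = ?", (name,)).fetchall()

def demo():
    results = {}
    conn = make_db()
    results["single"] = (single_statement_call(conn, STACKED_INPUT), table_exists(conn))
    results["bound"] = (parameterized_call(conn, STACKED_INPUT), table_exists(conn))
    results["multi"] = (multi_statement_call(conn, STACKED_INPUT), table_exists(conn))
    return results

if __name__ == "__main__":
    print(demo())
```

Refusing stacked statements at the API level does not make the string-built query safe; the bound-parameter call is the one that keeps input out of the SQL text.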