Bypassing a filter #8
Description
I'm having a problem bypassing filter.
function filter($input) { if(get_magic_quotes_gpc()) $input= stripslashes($input); $input = mysql_real_escape_string($input); return $input; } so the filter uses stripslashes & mysql_real_escape_string which makes it hard to inject
$id = $_GET['id']; $id = filter($id); $query = "select * from users where `id` = '$id' and 1=0 ;"; // for example $result = mysql_query($query , $connection); Is there a way to bypass it. Thanks in advance. 👍