
Why To Sanitise POST and GET


I have a question. I get that you have to sanitise POST and GET to stop people doing nasty things to your website / DB, but I'm confused. I saw the following on a website and thought I would ask the question.

[image]

How would Mr Hacker know that the table to drop was called Students? In this situation, it being a school, it probably wouldn't take much working out, but I thought that the code for this sort of thing was hidden from view when it runs in a PHP file, so if I named my tables obscure things, how would an attacker know what the table name was to drop?


Solution

  • Yes, it's hidden, but if you have a vulnerability like this you can execute any query you want, including SHOW TABLES and SHOW COLUMNS.
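
Since an obscure table name does not help, the defence is to keep request input out of the SQL text altogether. The following is an added example, not part of the original answer, using PDO bound parameters; the in-memory SQLite database (standing in for MySQL so the script runs offline), the table name `t_9f3a`, the helper functions and the sample inputs are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL server in the question.
// With a real MySQL DSN, also set PDO::ATTR_EMULATE_PREPARES to false
// so the server itself receives the statement and the values separately.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Deliberately obscure (hypothetical) table name: it is not what protects us.
$pdo->exec('CREATE TABLE t_9f3a (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

/** Insert a name taken from request input, bound as a parameter. */
function addStudent(PDO $pdo, string $name): int
{
    // The SQL text is fixed; $name is sent as data and never parsed as SQL.
    $stmt = $pdo->prepare('INSERT INTO t_9f3a (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

/** Read a stored name back, again with a bound parameter. */
function getStudent(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT name FROM t_9f3a WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

// Constructed sample values standing in for $_POST['name'].
$samples = ['Alice', "O'Brien", "x'); DROP TABLE t_9f3a; --"];

foreach ($samples as $name) {
    $id = addStudent($pdo, $name);
    $stored = getStudent($pdo, $id);
    // Every value, including the one containing SQL syntax, is stored verbatim.
    printf("id=%d intact=%s stored=%s\n", $id, $stored === $name ? 'yes' : 'no', $stored);
}

// The table still exists and holds one row per submitted value.
$rows = (int) $pdo->query('SELECT COUNT(*) FROM t_9f3a')->fetchColumn();
printf("rows=%d\n", $rows);
```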