php - SQL injection - update two tables at once in a non-stacked mysql_query -


i'm learning advanced sql injection techniques, find harder.

i've got php code this(i can't change this, it's php + mysql 5.6.19[innodb]):

$newvalue = $_post['newvalue']; if ($newvalue > 1000)     mysql_query("update `table` set `column1`='".$newvalue."' `id`='".$id."'");

i've worked out way fool php little bit passing valid number @ beginning in post parameter, this(this 1 changes other column value, that's nice, works):

1001', `column2` = 'some_value' `id` = 'some_other_value';#

now i'd change(update) other table in same update query. remember! can't change code , mysql_query doesn't allow stacked queries(you can't perform multiple queries separating them semicolon).

in theory, might this(of course, doesn't work):

1001' `id` = 'some_other_value' or (update `table2` set ... = ... limit 1);#

or(some theoretical trick):

1001'*(update `table2` set ... = ... limit 1) `id` = 'some_other_value';#

do have ideas?
thank help.


Comments

Post a Comment

Popular posts from this blog

jquery - How do you format the date used in the popover widget title of FullCalendar? -

Image
in fullcalendar, how format date used in popover widget title when clicking '+n more'? code: <div class="fc-popover fc-more-popover"> <div class="fc-header fc-widget-header"> <span class="fc-close fc-icon fc-icon-x"></span> <span class="fc-title">tuesday, april 7</span> ... </div> ... </div> you use daypopoverformat that. determines date format of title of popover created eventlimitclick option. must date formatting string. default value "dddd, mmmm d" english , "ll" other languages.
Read more

Bubble Sort Manually a Linked List in Java -

Image
this first question here. trying manually sort linked list of integers in java , can not figure out wrong code. suggestions? don't error, still have output unordered. tried few different ways, nothing worked. appreciate if can me that. public class node { int data; node nextnode; public node(int data) { this.data = data; this.nextnode = null; } public int getdata() { return this.data; } } // node class public class datalinkedlist implements datainterface { private node head; private int size; public datalinkedlist(){ this.head = null; this.size = 0; } public void add(int data) { node node = new node(data); if (head == null) { head = node; } else { node currentnode = head; while(currentnode.nextnode != null) { currentnode = currentnode.nextnode; } currentnode.nextnode = node; ...
Read more

asp.net mvc - SSO between MVCForum and Umbraco7 -

i need integrate sso between mvcforum (forum of company) , umbraco7 (manages cms company). however struggling shared authentication work. tried several ways suggested on other threads still not running expected. here did: 1. in mvcforum (forum.mywebsite.com) 1.1. machine key in web.xml: <machinekey validationkey="the same key umbraco7" decryptionkey="the same key umbraco7" validation="sha1" decryption="aes" /> 1.2. authenticate forms in web.xml <forms name="my-sso-auth" protection="all" path="/" timeout="43200" domain="forum.mywebsite.com" loginurl="/members/logon" enablecrossappredirects="true" /> 2. in umbraco7 (news.mywebsite.com) 2.1. machine key in web.xml: <machinekey validationkey="the same key mvcforum" decryptionkey="the same key mvcforum" validation="sha1" decryption="aes" /> 2.2. a...
Read more