SQL Injection that Gets Around mysql_real_escape_string() Function
Last Updated :
23 Jul, 2025
SQL injection is a serious security vulnerability that occurs when an attacker can manipulate SQL queries executed in a database. In an attempt to prevent SQL injection, developers often use functions like mysql_real_escape_string() in PHP to escape special characters.
However, it's crucial to understand that reliance on this function alone may not provide foolproof protection. This guide demonstrates SQL injection scenarios that bypass mysql_real_escape_string() and explores the importance of adopting additional security measures.
What is mysql_real_escape_string() Function
mysql_real_escape_string() is a PHP function designed to escape special characters in a string before inserting them in MySQL queries, ensuring safe MySQL queries are run in the database. However, it may not protect all forms of SQL injection attacks. Attackers can leverage certain techniques to evade the effects of this function and execute malicious SQL statements.
Note: This extension was removed in PHP 7.0.0. Some better alternatives to this functions are: mysqli_real_escape_string() and PDO::quote().
Syntax
// Usage of mysql_real_escape_string()
$escaped_value = mysql_real_escape_string($user_input);
This function escapes special characters, making the input safe for inclusion in SQL queries.
Bypassing mysql_real_escape_string() with SQL Injection Example
Let's look at some examples and understand how SQL injection attacks bypass the mysql_real_escape_string() function.
Classic SQL Injection Example
Consider a login scenario where the application uses mysql_real_escape_string() to sanitize user input. The attacker provides a crafted input to bypass the function.
-- Create users Table
CREATE TABLE users (
user_id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50),
password VARCHAR(50)
);
-- Insert Sample Data
INSERT INTO users (username, password) VALUES
('john_doe', 'password123'),
('admin', 'adminpassword');PHP Code Using mysql_real_escape_string()
<?php
// Assume the usage of mysql_real_escape_string()
$_POST['username'] = "admin' OR '1'='1'; -- ";
// Login Query Using mysql_real_escape_string()
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
// Execute the query and process the result
?>
Output:
The provided PHP code uses deprecated mysql_real_escape_string() for input sanitization and attempts to prevent SQL injection. However, it is vulnerable.
Injected SQL Query:
SELECT * FROM users WHERE username='admin' OR '1'='1'; -- ' AND password='';
The malicious input admin' OR '1'='1'; -- can manipulate the SQL query, potentially leading to unauthorized access as it injects a true condition.
The injected query allows unauthorized access by matching any password when the injected condition is true. This query always evaluates to true, allowing unauthorized access.
Using Prepared Statements for Secure Query Execution Example
To address SQL injection vulnerabilities effectively, developers should adopt prepared statements.
This example modifies the login query to use a prepared statement.
-- Create users Table
CREATE TABLE users (
user_id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50),
password VARCHAR(50)
);
-- Insert Sample Data
INSERT INTO users (username, password) VALUES
('john_doe', 'password123'),
('admin', 'adminpassword');PHP Code Using Prepared Statements
-- PHP Code Using Prepared Statements
<?php
// Establish MySQL Connection
$mysqli = new mysqli("localhost", "username", "password", "database");
// Login Query Using Prepared Statement
$stmt = $mysqli->prepare("SELECT * FROM users WHERE username=? AND password=?");
$stmt->bind_param("ss", $username, $password);
// Set Values Safely
$username = $_POST['username'];
$password = $_POST['password'];
// Execute the Query
$stmt->execute();
$result = $stmt->get_result();
// Process the Result
while ($row = $result->fetch_assoc()) {
// Process the result
}
?>Output:
This PHP code uses a prepared statement to securely retrieve user data from a MySQL database. It establishes a connection, prepares a SELECT query with placeholders, binds user inputs, executes the query, and processes the result. However, the result processing section is incomplete; it should include logic for handling successful or unsuccessful logins.
Conclusion
So, Overall, while mysql_real_escape_string() provides a basic level of protection, it is not foolproof against all SQL injection attacks. Developers must stay vigilant and adopt more robust measures, such as prepared statements, to ensure the security of their applications.
Utilizing the latest security practices and regularly updating code to address emerging threats is essential in the ongoing battle against SQL injection vulnerabilities.
Similar Reads
SQL Tutorial Structured Query Language (SQL) is the standard language used to interact with relational databases. Mainly used to manage data. Whether you want to create, delete, update or read data, SQL provides the structure and commands to perform these operations. Widely supported across various database syst
8 min read
Basics
What is SQL?Structured Query Language (SQL) is the standard language used to interact with relational databases. Allows users to store, retrieve, update, and manage data efficiently through simple commands. Known for its user-friendly syntax and powerful capabilities, SQL is widely used across industries.How Do
6 min read
SQL Data TypesSQL data types define the kind of data a column can store, dictating how the database manages and interacts with the data. Each data type in SQL specifies a set of allowed values, as well as the operations that can be performed on the values.SQL data types are broadly categorized into several groups
4 min read
SQL OperatorsSQL operators are symbols or keywords used to perform operations on data in SQL queries. These operations can include mathematical calculations, data comparisons, logical manipulations, other data-processing tasks. Operators help in filtering, calculating, and updating data in databases, making them
5 min read
SQL Commands | DDL, DQL, DML, DCL and TCL CommandsSQL commands are the fundamental building blocks for communicating with a database management system (DBMS). It is used to interact with the database with some operations. It is also used to perform specific tasks, functions, and queries of data. SQL can perform various tasks like creating a table,
7 min read
SQL Database OperationsSQL databases or relational databases are widely used for storing, managing and organizing structured data in a tabular format. These databases store data in tables consisting of rows and columns. SQL is the standard programming language used to interact with these databases. It enables users to cre
3 min read
SQL CREATE TABLEIn SQL, creating a table is one of the most essential tasks for structuring your database. The CREATE TABLE statement defines the structure of the database table, specifying column names, data types, and constraints such as PRIMARY KEY, NOT NULL, and CHECK. Mastering this statement is fundamental to
5 min read
Queries & Operations
SQL SELECT QueryThe SQL SELECT query is one of the most frequently used commands to retrieve data from a database. It allows users to access and extract specific records based on defined conditions, making it an essential tool for data management and analysis. In this article, we will learn about SQL SELECT stateme
4 min read
SQL INSERT INTO StatementThe SQL INSERT INTO statement is one of the most essential commands for adding new data into a database table. Whether you are working with customer records, product details or user information, understanding and mastering this command is important for effective database management. How SQL INSERT I
6 min read
SQL UPDATE StatementIn SQL, the UPDATE statement is used to modify existing records in a table. Whether you are updating a single record or multiple records at once, SQL provides the necessary functionality to make these changes. Whether you are working with a small dataset or handling large-scale databases, the UPDATE
6 min read
SQL DELETE StatementThe SQL DELETE statement is an essential command in SQL used to remove one or more rows from a database table. Unlike the DROP statement, which removes the entire table, the DELETE statement removes data (rows) from the table retaining only the table structure, constraints, and schema. Whether you n
4 min read
SQL | WHERE ClauseThe SQL WHERE clause allows filtering of records in queries. Whether you are retrieving data, updating records, or deleting entries from a database, the WHERE clause plays an important role in defining which rows will be affected by the query. Without WHERE clause, SQL queries would return all rows
4 min read
SQL | AliasesIn SQL, aliases are temporary names assigned to columns or tables for the duration of a query. They make the query more readable, especially when dealing with complex queries or large datasets. Aliases help simplify long column names, improve query clarity, and are particularly useful in queries inv
4 min read
SQL Joins & Functions
SQL Joins (Inner, Left, Right and Full Join)SQL joins are fundamental tools for combining data from multiple tables in relational databases. Joins allow efficient data retrieval, which is essential for generating meaningful observations and solving complex business queries. Understanding SQL join types, such as INNER JOIN, LEFT JOIN, RIGHT JO
4 min read
SQL CROSS JOINIn SQL, the CROSS JOIN is a unique join operation that returns the Cartesian product of two or more tables. This means it matches each row from the left table with every row from the right table, resulting in a combination of all possible pairs of records. In this article, we will learn the CROSS JO
3 min read
SQL | Date Functions (Set-1)SQL Date Functions are essential for managing and manipulating date and time values in SQL databases. They provide tools to perform operations such as calculating date differences, retrieving current dates and times and formatting dates. From tracking sales trends to calculating project deadlines, w
5 min read
SQL | String functionsSQL String Functions are powerful tools that allow us to manipulate, format, and extract specific parts of text data in our database. These functions are essential for tasks like cleaning up data, comparing strings, and combining text fields. Whether we're working with names, addresses, or any form
7 min read
Data Constraints & Aggregate Functions
SQL NOT NULL ConstraintIn SQL, constraints are used to enforce rules on data, ensuring the accuracy, consistency, and integrity of the data stored in a database. One of the most commonly used constraints is the NOT NULL constraint, which ensures that a column cannot have NULL values. This is important for maintaining data
3 min read
SQL PRIMARY KEY ConstraintThe PRIMARY KEY constraint in SQL is one of the most important constraints used to ensure data integrity in a database table. A primary key uniquely identifies each record in a table, preventing duplicate or NULL values in the specified column(s). Understanding how to properly implement and use the
5 min read
SQL Count() FunctionIn the world of SQL, data analysis often requires us to get counts of rows or unique values. The COUNT() function is a powerful tool that helps us perform this task. Whether we are counting all rows in a table, counting rows based on a specific condition, or even counting unique values, the COUNT()
7 min read
SQL SUM() FunctionThe SUM() function in SQL is one of the most commonly used aggregate functions. It allows us to calculate the total sum of a numeric column, making it essential for reporting and data analysis tasks. Whether we're working with sales data, financial figures, or any other numeric information, the SUM(
5 min read
SQL MAX() FunctionThe MAX() function in SQL is a powerful aggregate function used to retrieve the maximum (highest) value from a specified column in a table. It is commonly employed for analyzing data to identify the largest numeric value, the latest date, or other maximum values in various datasets. The MAX() functi
4 min read
AVG() Function in SQLSQL is an RDBMS system in which SQL functions become very essential to provide us with primary data insights. One of the most important functions is called AVG() and is particularly useful for the calculation of averages within datasets. In this, we will learn about the AVG() function, and its synta
4 min read
Advanced SQL Topics
SQL | SubqueryIn SQL, a subquery can be defined as a query embedded within another query. It is often used in the WHERE, HAVING, or FROM clauses of a statement. Subqueries are commonly used with SELECT, UPDATE, INSERT, and DELETE statements to achieve complex filtering and data manipulation. They are an essential
5 min read
Window Functions in SQLSQL window functions are essential for advanced data analysis and database management. It is a type of function that allows us to perform calculations across a specific set of rows related to the current row. These calculations happen within a defined window of data and they are particularly useful
6 min read
SQL Stored ProceduresStored procedures are precompiled SQL statements that are stored in the database and can be executed as a single unit. SQL Stored Procedures are a powerful feature in database management systems (DBMS) that allow developers to encapsulate SQL code and business logic. When executed, they can accept i
7 min read
SQL TriggersA trigger is a stored procedure in adatabase that automatically invokes whenever a special event in the database occurs. By using SQL triggers, developers can automate tasks, ensure data consistency, and keep accurate records of database activities. For example, a trigger can be invoked when a row i
7 min read
SQL Performance TuningSQL performance tuning is an essential aspect of database management that helps improve the efficiency of SQL queries and ensures that database systems run smoothly. Properly tuned queries execute faster, reducing response times and minimizing the load on the serverIn this article, we'll discuss var
8 min read
SQL TRANSACTIONSSQL transactions are essential for ensuring data integrity and consistency in relational databases. Transactions allow for a group of SQL operations to be executed as a single unit, ensuring that either all the operations succeed or none of them do. Transactions allow us to group SQL operations into
8 min read
Database Design & Security
Introduction of ER ModelThe Entity-Relationship Model (ER Model) is a conceptual model for designing a databases. This model represents the logical structure of a database, including entities, their attributes and relationships between them. Entity: An objects that is stored as data such as Student, Course or Company.Attri
10 min read
Introduction to Database NormalizationNormalization is an important process in database design that helps improve the database's efficiency, consistency, and accuracy. It makes it easier to manage and maintain the data and ensures that the database is adaptable to changing business needs.Database normalization is the process of organizi
6 min read
SQL InjectionSQL Injection is a security flaw in web applications where attackers insert harmful SQL code through user inputs. This can allow them to access sensitive data, change database contents or even take control of the system. It's important to know about SQL Injection to keep web applications secure.In t
7 min read
SQL Data EncryptionIn today’s digital era, data security is more critical than ever, especially for organizations storing the personal details of their customers in their database. SQL Data Encryption aims to safeguard unauthorized access to data, ensuring that even if a breach occurs, the information remains unreadab
5 min read
SQL BackupIn SQL Server, a backup, or data backup is a copy of computer data that is created and stored in a different location so that it can be used to recover the original in the event of a data loss. To create a full database backup, the below methods could be used : 1. Using the SQL Server Management Stu
4 min read
What is Object-Relational Mapping (ORM) in DBMS?Object-relational mapping (ORM) is a key concept in the field of Database Management Systems (DBMS), addressing the bridge between the object-oriented programming approach and relational databases. ORM is critical in data interaction simplification, code optimization, and smooth blending of applicat
7 min read