Forum Discussion

Bronze II

31 days ago

Solved

PHP – Beginner PHP: SQL Injection

hi I cannot work out how to pass the checks for using a prepared statement. I've looked at various guides and examples and the code I am submitting looks okay to me, but it will not pass the "W...

application security

help & support

immersive labs

MadelineDadamio
16 days ago
Hi MartinWard Thanks for getting in touch! Your code is close, but the lab is expecting a different style of prepared statement. The check will only pass when named parameters are used instead of the positional placeholders shown in your screenshot.

If you update it to follow the pattern in the briefing, it should pass. Feel free to send it over again if you want another pair of eyes. 🙂

MartinWard

Bronze II

16 days ago

Thanks Madeline - I've had another look at the briefing and it says

"A prepared statement consists of a query template where some values are omitted and instead represented as question marks (?) or other predefined characters. These are called parameters or bind variables. The application then binds supplied values to the statement, which are safely escaped, formatted, and used to replace the bind variable placeholders"

isn't that what I have already done?

I've replaced the values with ? then bound the supplied values?

MartinWard

Bronze II

16 days ago

Not to worry - I have solved it :-)

Thank you for the pointer

Forum Discussion

PHP – Beginner PHP: SQL Injection

Featured Places

Help

Related Content

Secure Testing: SQL Injection

AI: Plugin Injection - Demonstrate Your Skills

Rails: SQL Injection (Bugged?)

A beginner question on Nmap:

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Recent Discussions

IoT & Embedded Devices: Certificate Underpinning

Trick or Treat on Specter Street: Morphy's Mansion Challenge

Trick or Treat on Specter Street: Morphy’s Mansion

Credential Access: Password Hashing Algorithms

Trick or Treat on Specter Street: Ghost of the SOC