
php.lang.security.injection.tainted-sql-string does not detect SQL statement with newline #3376

Open
@Sjord

Description

php.lang.security.injection.tainted-sql-string

<?php
// Not detected
mysqli_query($handle, "
SELECT * FROM sometable WHERE field=".$_GET['input']);

// Detected
mysqli_query($handle, 
"SELECT * FROM sometable WHERE field=".$_GET['input']);
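A regression check for the two snippets above, added here as an example; it is not part of the issue and is not Semgrep's rule or engine. It assumes, hypothetically, that the miss comes from a keyword regex whose `.` does not cross newlines (the issue does not state the cause); `CONCAT`, `NAIVE`, `ROBUST` and `flags` are illustrative names.

```python
import re

# The two PHP snippets from the issue, embedded as fixtures.
NOT_DETECTED = '''mysqli_query($handle, "
SELECT * FROM sometable WHERE field=".$_GET['input']);'''

DETECTED = '''mysqli_query($handle,
"SELECT * FROM sometable WHERE field=".$_GET['input']);'''

# Constructed benign cases: no request input, or no SQL keyword.
BENIGN_CONSTANT = 'mysqli_query($handle, "SELECT 1");'
BENIGN_ECHO = '''echo "hello ".$_GET['name'];'''

# A double-quoted PHP string literal concatenated with a request superglobal.
# The negated character class matches newlines, so multi-line literals are captured.
CONCAT = re.compile(
    r'"((?:[^"\\]|\\.)*)"\s*\.\s*\$_(?:GET|POST|REQUEST|COOKIE)\b',
    re.DOTALL,
)

SQL_KEYWORDS = r"\b(select|insert|update|delete|drop|alter|create)\b"

# Hypothetical naive check: "." stops at a newline, so a literal that
# begins with "\n" never reaches the SQL keyword on the following line.
NAIVE = re.compile(r".*" + SQL_KEYWORDS + r".*", re.IGNORECASE)

# Same pattern with DOTALL, so "." also matches the leading newline.
ROBUST = re.compile(r".*" + SQL_KEYWORDS + r".*", re.IGNORECASE | re.DOTALL)


def flags(php_source, keyword_re):
    """Return True if a SQL-looking literal is concatenated with request input."""
    for match in CONCAT.finditer(php_source):
        if keyword_re.match(match.group(1)):
            return True
    return False


if __name__ == "__main__":
    for name, src in [("newline first", NOT_DETECTED), ("same line", DETECTED)]:
        print(name, "naive:", flags(src, NAIVE), "robust:", flags(src, ROBUST))
```

Keeping both snippets as fixtures in the rule's test suite makes the newline case fail loudly if the pattern regresses.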


Labels: bug (Something isn't working)
