Consider the following script. Assuming that the mysql_query function sends an unfiltered query to a database connection already established elsewhere, which of the following are true? (Choose 2)
<?php
$r = mysql_query ('DELETE FROM MYTABLE WHERE ID=' . $_GET['ID']);
?>
Correct:
--> This script should be modified so that user-provided data is properly escaped
--> Passing the URL parameter ID=0+OR+1 will cause all the rows in MYTABLE to be deleted
Explanation:
Answers B and D are correct. This script is very dangerous because the data supplied by
the user is not escaped or filtered in any way by the application before being sent to the
DBMS. Therefore, if the URL contained the parameter ID=0+OR+1 (each + is decoded to a space), the query would become
DELETE FROM MYTABLE WHERE ID = 0 OR 1. Because the condition OR 1 is always true, the WHERE clause matches every row, causing the database to delete all the rows from the table.