I have code that looks like this:
SELECT * FROM table WHERE field LIKE '%$data%' ORDER BY $data2 $data3
This url is used to fetch the data:
script.php?data=VALUE1&data2=SORTFIELD&data3=DESC
So anyone can change $data3 and make it some other query. :evilgrin:
But since PHP automatically adds slashes, and nobody knows my table names if they wanted to DROP them, is it really a vulnerability?
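The sort column and direction sit outside any quoted string, so added slashes never touch them; the usual fix is to map both onto an allowlist and bind the search term. Added PHP example, not code from the post; it assumes an existing PDO connection $pdo, MySQL's default backslash escape for LIKE, and constructed column names:

```php
<?php
// Added example: the post's query interpolates "$data2 $data3" straight into
// ORDER BY. addslashes() only escapes quotes inside string literals, and an
// ORDER BY clause has none, so escaping cannot restrict those two values.
// Defence: accept only values from a fixed allowlist and emit the allowlisted
// constant, never the request value itself.

// Constructed column list standing in for the poster's real table columns.
const SORTABLE_COLUMNS = ['id', 'name', 'created_at'];
const SORT_DIRECTIONS  = ['ASC', 'DESC'];

/**
 * Return an ORDER BY clause built only from allowlisted constants,
 * or throw if the request supplied anything else.
 */
function buildOrderBy(string $column, string $direction): string
{
    if (!in_array($column, SORTABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('unknown sort column');
    }
    $direction = strtoupper($direction);
    if (!in_array($direction, SORT_DIRECTIONS, true)) {
        throw new InvalidArgumentException('unknown sort direction');
    }
    return "ORDER BY `$column` $direction";
}

/**
 * Prepare the search query: the LIKE pattern goes through a bound parameter
 * rather than string escaping, and the sort clause comes from buildOrderBy().
 * $pdo is an assumed, already-open PDO connection.
 */
function searchStatement(PDO $pdo, string $term, string $column, string $direction): PDOStatement
{
    $sql  = 'SELECT * FROM `table` WHERE `field` LIKE :pattern ';
    $sql .= buildOrderBy($column, $direction);
    $stmt = $pdo->prepare($sql);

    // Escape LIKE wildcards inside the term so a user cannot widen the match
    // (backslash is MySQL's default LIKE escape character).
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt;
}

// Wiring from the request, using the parameter names from the post:
// $stmt = searchStatement($pdo, $_GET['data'] ?? '', $_GET['data2'] ?? 'id', $_GET['data3'] ?? 'ASC');
```

A request with data2 or data3 outside the allowlist now fails before any SQL is built, regardless of whether the attacker knows the table names.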