DELETE issue with multiple queries

1 reply
Phy
Joined: 06/06/2010

In IPS mode, GreenSQL does not block multiple queries with a DELETE in the SQL injection.

Assuming that the normal request is "SELECT * FROM test_drop WHERE mm = 'somevalue'"

If we have somevalue = "2'; DELETE FROM test_drop;#", both queries are executed:


mysql> SELECT * FROM test_drop WHERE mm = '2'; DELETE FROM test_drop;
+----+
| mm |
+----+
| 2 |
+----+
1 row in set (0.00 sec)
Query OK, 2 rows affected (0.00 sec)

So, to prevent this, I'm testing queries with the following regex:


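// Returns 1 when the text after the first ';' begins with DELETE [*] FROM,
// i.e. a DELETE stacked behind another statement; 0 otherwise.
function isDeletionThroughInjection($query)
{
    return preg_match("/^(?:[^;]+);(?:[\s]+)?DELETE(?:[\s]+)?(?:\*)?(?:[\s]+)?FROM.*$/i", $query);
}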

With this regex, normal deletion queries ("DELETE FROM table WHERE id = someid") are not blocked.

If you use mysql_query, you are not vulnerable, because in this case multiple queries are not allowed.

Unprepared statements with PDO and PEAR are vulnerable.

I also use the same kind of regex to check if there is an "INTO OUTFILE" in queries; however, I have not yet tested if GreenSQL allows it, but I must have read somewhere in the forum that it is blocked.


// Returns 1 when the query contains INTO OUTFILE (case-insensitive); 0 otherwise.
function isOutputingInFile($query)
{
    return preg_match("/INTO(?:[\s]+)OUTFILE/i", $query);
}

Regards
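
The unprepared PDO case mentioned in the post above, next to the same lookup with the value bound as a parameter. This is an added example, not code from the thread or from GreenSQL. It assumes the pdo_sqlite extension and uses a constructed in-memory table so it runs without a MySQL server; the helper names makeDb and countRows are hypothetical, and the thread's '#' comment is written as '--' because SQLite does not accept '#'.

```php
<?php
// Added example with constructed data. The thread's target is MySQL; SQLite
// is used here only so the script runs offline (assumption: pdo_sqlite loaded).
function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE test_drop (mm TEXT)");
    $pdo->exec("INSERT INTO test_drop (mm) VALUES ('1'), ('2')");
    return $pdo;
}

function countRows(PDO $pdo): int
{
    return (int) $pdo->query("SELECT COUNT(*) FROM test_drop")->fetchColumn();
}

// Value from the thread, with '#' replaced by '--' for SQLite.
$someValue = "2'; DELETE FROM test_drop;--";

// Before: the value is concatenated into the SQL text and sent unprepared.
// The quote in the value closes the string literal, so the driver receives
// two statements and the stacked DELETE runs after the SELECT.
$pdo = makeDb();
$pdo->exec("SELECT * FROM test_drop WHERE mm = '" . $someValue . "'");
echo "unprepared: ", countRows($pdo), " rows left\n";

// After: the SQL text is fixed and the value travels as a bound parameter.
// It is compared to mm as a plain string and is never parsed as SQL.
$pdo = makeDb();
$stmt = $pdo->prepare("SELECT * FROM test_drop WHERE mm = :mm");
$stmt->execute([':mm' => $someValue]);
$matches = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo "prepared: ", count($matches), " matches, ", countRows($pdo), " rows left\n";
```

With the MySQL driver, passing PDO::MYSQL_ATTR_MULTI_STATEMENTS => false in the connection options and setting PDO::ATTR_EMULATE_PREPARES to false also stops stacked statements from being accepted.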

reuvenab
Joined: 01/03/2010

Do you have the message:
Multiple queries found
in your firewall logs?

If yes, just increase the weight in the configuration file.
