SQL injection

vileplayer1
8 years ago

0

Hello, friends! I would like to ask you, recently I was digging into SQL injection and it seems to me pretty decent way of vulnerability. So, the question is, can SQL injection be applied to any site?? Like any site can have that kind of SQL vulnerability?


0

You mean real7? Probably :p

dloser
8 years ago

0

If a site doesn’t use X, how can it have an X vulnerability?

Also: spell checker.

vileplayer1
8 years ago

0

So, not every site uses SQL?? How do I know if a site uses SQL or NOT?

dloser
8 years ago

1

Ask the owner nicely.

? [bolofecal]
8 years ago

0

You can inject in sites that don’t protect user input.

vileplayer1
8 years ago

0

LOL that hacking world is way more complicated than I could have imagined :@

? [bolofecal]
8 years ago

0

Try to study how to use SQL and you will see that it is not so hard to know.

dloser
8 years ago

0

In general you can’t know something is used until you find a vulnerability that exposes such information. These are things that are internal to how a site works.

? [bolofecal]
8 years ago | edited 8 years ago

0

Or ask owner nicely. :p

x2600
8 years ago

0

^^ Social engineering is always an option. The art of people hacking.


0

If you’re serious about learning different Hacking techniques using code injection then you’re only looking at one side of the coin by focusing on SQL.

By that I mean you need to learn both SQL AND PHP injection, or at least have a strong understanding of both to successfully Hack using code injection as SQL controls the client side of things whereas PHP controls the server side. Very important that is understood,

SQL injection can cause problems,…PHP injection can cause problems at the CORE.

SIGKILL [r4v463]
8 years ago

0

There are a lot of types of injection… and wtf is that: Tylman wrote: "SQL controls the client side" ??

? [bolofecal]
8 years ago

0

@Tylman SQL queries the database, the database is on the server.

Lukasz Tylmanowski [Tylman]
8 years ago | edited 8 years ago

0

Yes bolofecal SQL queries the database in the server which is under the control of PHP and SQL is FOR the client which is why I’m saying it’s important to learn both,…..sorry I worded that last post kind of wrong.

SIGKILL [r4v463]
8 years ago

0

SQL isn’t for the client, SQL is to get information from the database, you don’t have to send that information to a client, you can process the data or do whatever you want with the data.

Lukasz Tylmanowski [Tylman]
8 years ago | edited 8 years ago

0

SQL is structured query language - a language for communicating with database servers like MySQL, Oracle, MS-SQL used by the CLIENT

PHP is a server-side scripting language usually implemented as a module in the Apache webserver - it is able to do tasks on the servers such as issue SQL queries to a database as well as create HTML on the fly. It only runs within the webserver in RESPONSE to a USER’S web request i.e CLIENT SIDE!!

which is why again I advised,…..learn at least a little of both,……..

SIGKILL [r4v463]
8 years ago

0

I think you should learn programming before posting about that on a forum…

PHP is not only used for webpages… And what is called client-side is usually what the client gets on his computer, i.e. most often in web pages HTML, CSS and JS. An HTTP request isn’t client-side. Server-side and client-side are 2 parts of the code of your website. I can send an HTTP request to your server without using your client-side website.

You can expose all your arguments and use caps lock but no, SQL has nothing to do with client-side, nor PHP.


0

Look,…..all I was saying to the guy (as his interest was in SQL injection) is if he’s serious about that type of code injection then have a look at PHP injection too,…

and although my programming skills might not be on par with yours,..my previous statements are not incorrect and please don’t patronize me as I have not given any ill advice.

Numlock90
8 years ago

0

LOL @Tylman @r4v463 is correct.

SQL is processed on the server side.

If we simplify it, I hope you’ll get it,

Client: Clicks Search
Server: Runs search query sent by client.
Server: Returns search results
Client: Sees Search results.

It must run on the Server as the client doesn’t have the database to return the information.


0

Yes,…I know,…my previous statement explains exactly what you’ve simplified,….

Tylman wrote: "PHP is a server-side scripting language usually implemented as a module in the Apache webserver - it is able to do tasks on the servers such as issue SQL queries to a database as well as create HTML on the fly. It only runs within the webserver in RESPONSE to a USER’S web request i.e CLIENT SIDE!!"

And when I said SQL handles client side I was talking about client input to the server,…that queries task is then controlled by PHP within the server to the database,…. SQL and PHP usually go hand in hand, they work together which is why I said they’re like two sides of a coin,…

Sure this isn’t always the case but for someone interested in SQL injection you should definitely explore PHP injection alongside it,….this is all I was trying to say.

dloser
8 years ago

2

As usual, you are all wrong. ;)
(Or at least not completely right.)

Client-side and server-side refer to two roles in a communication. When you are talking about a browser requesting a page from a webserver (and indirectly PHP), that is one communication. When you are talking about PHP getting data from a database, you are (normally) talking about another connection. PHP is on the server-side of the first connection, but on the client-side of the second connection.

Often we don’t really want to explicitly consider the internal communications that happen on a (web)server and possible back-end servers. In that case we say that all of that happens server-side. However, this is only because in that case we look from the perspective of the communication between the browser and the webserver.

That said, never ever would we call things client-side because something is done because of client input. Handling client input is the core business of a server, so handling it is pretty much per definition server-side.
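
An added example, not part of any post in this thread: a server-side search handler that is itself the client of a database, written in Python with sqlite3 standing in for the PHP layer the thread talks about. The table, rows and function names are constructed for illustration; it contrasts a query built from unprotected input with a parameterized one, on a normal term, a term containing an apostrophe, and a term that rewrites the WHERE clause.

```python
import sqlite3

def make_db():
    """Back-end database; the handlers below connect to it as a client."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT, published INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [("sql basics", 1), ("php basics", 1), ("draft notes", 0)])
    return db

def search_concat(db, term):
    """Unprotected: browser input is pasted into the SQL text itself."""
    sql = ("SELECT title FROM articles WHERE published = 1 AND title = '"
           + term + "' ORDER BY title")
    return [row[0] for row in db.execute(sql)]

def search_param(db, term):
    """Protected: the SQL text is fixed; input travels separately as a value."""
    sql = ("SELECT title FROM articles WHERE published = 1 AND title = ? "
           "ORDER BY title")
    return [row[0] for row in db.execute(sql, (term,))]

def compare(term):
    """Run both handlers on one input; report rows or the database error."""
    db = make_db()
    try:
        concat = search_concat(db, term)
    except sqlite3.OperationalError as exc:
        concat = "error: " + str(exc)
    return {"concat": concat, "param": search_param(db, term)}

if __name__ == "__main__":
    # Constructed inputs: a normal term, an apostrophe, a clause-rewriting term.
    for term in ["sql basics", "o'reilly", "x' OR '1'='1"]:
        print(repr(term), compare(term))
```

In both handlers the SQL runs on the server; the only difference is whether the browser's input can change the structure of the statement the handler sends to the database.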
