Blind SQL Injection
When I use Acunetix on my page I get a: Blind SQL/XPath injection
header: GET /file.php?id=2'+and+31337-31337=0+--+&page=2
response:
no files found
(sometimes it shows results). Here is my PHP code:
$id = (int) htmlentities($_GET['id']);
$fileid = mysql_real_escape_string($id);
the query:
$query = "SELECT * FROM `files` WHERE `id` = '".$fileid."'";
What am I doing wrong? Can someone erase my database just with this? I'm also getting the same message at some queries almost equal to that one but that also have limit 0,1.
I'm using a paginator (I fixed some injections that were in that script), but the example I gave is not using it.
Casting the id to int should already prevent any chance of SQL injection attacks (as far as I know).
$id = (int) $_GET["id"];
$Query = "SELECT * FROM files WHERE id = $id;";
file.php?id=abcabc would result in $id = 0, so in the worst case you won't find any record matching this id, but $id would never contain any string (especially not SQL) because of this integer cast.
I hope that's what you wanted to know.
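As an added illustration (not part of the answer above or the asker's code), this shows how the exact payload Acunetix sent in the question behaves under the integer cast, next to a stricter validation and a parameterized query. The `$pdo` connection and the helper names are assumptions; the `files` table and `id` column come from the question.

```php
<?php
// Added example, not the original poster's code. It demonstrates why the
// (int) cast from the answer above neutralizes the scanner's payload, and
// shows a stricter variant plus a query that never concatenates the value.

// The value Acunetix sent in the question, URL-decoded.
$scannerPayload = "2' and 31337-31337=0 -- ";

// Loose: the answer's approach. PHP keeps the leading digits and stops at
// the first non-numeric character, so the injected tail is simply dropped
// and the request is handled exactly like a plain id=2 request.
function idByCast(string $raw): int
{
    return (int) $raw;
}

// Strict: reject anything that is not a whole non-negative integer instead
// of silently truncating it. Returns null for tampered or non-numeric input,
// which lets the caller answer with a 400 and log the attempt.
function idStrict(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

// Bound parameter: the id is sent to MySQL separately from the SQL text,
// so even a non-integer value could not change the statement's structure.
// $pdo is an assumed PDO connection to the asker's database.
function findFile(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM `files` WHERE `id` = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

var_dump(idByCast($scannerPayload)); // the cast yields the same id as id=2
var_dump(idByCast('abcabc'));        // the answer's "worst case": id becomes zero
var_dump(idStrict($scannerPayload)); // strict validation rejects the payload
var_dump(idStrict('2'));             // a clean id passes unchanged
```

The first and third calls are the interesting pair: the cast makes the injected request indistinguishable from a legitimate one, which is why the page returns its normal result, while strict validation makes the tampering visible.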
I believe Acunetix is really buggy; there doesn't seem to be any SQL injection vulnerability at all.