How to find sql injection in my files

[GangLife]

I'm having trouble with a hacker lately and I can't seem to tell the difference from an hackable string from a unhackable string

I know I worded wrongly but you should understand what I mean, Thanks

[Dayo]

check to see if the query has any variables in the query that can be inputed via the user ie $_POST, $_GET, $_REQUEST etc ...

[Dave]

I'm having trouble with a hacker lately and I can't seem to tell the difference from an hackable string from a unhackable string

I know I worded wrongly but you should understand what I mean, Thanks

I know this doesn't really answer your question, but if you still live in the world of SQL injections it's probably about time you integrated something like PDO and bind your variables into your query.

There's a great write up on StackOverflow here: http://stackoverflow.com/a/60496

[sniko]

Also, consider he/she may be getting staff to do some actions without their consent or knowledge via ©SRF or XSS attacks.

See: https://www.owasp.org/index.php/Category:Attack

[GangLife]

Thanks Sniko you're freaking right, I think it was css after checking my support request plugin.

Still believe it got in by other method since I didn't receive any requests that day.

[Script47]

I know this doesn't really answer your question, but if you still live in the world of SQL injections it's probably about time you integrated something like PDO and bind your variables into your query.

There's a great write up on StackOverflow here: http://stackoverflow.com/a/60496

Shame on you for not promoting our Q&A site! :p

There is some good answers on here too.

MWG Q&A