Second-Order SQL Injection
Second-order injection occurs when malicious input is stored safely but later used unsafely in a different context:
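// Initial storage (appears safe): escaping protects this INSERT only,
// so the database stores the username exactly as the user submitted it
$username = mysqli_real_escape_string($conn, $_POST['username']);
$query = "INSERT INTO users (username) VALUES ('$username')";
mysqli_query($conn, $query);
// Later usage (vulnerable): $row is a row read back from the users table
$query = "SELECT * FROM user_profiles WHERE username = '" . $row['username'] . "'";
// If the stored username contains SQL syntax, it becomes part of this query when it is run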
This delayed execution makes second-order injection particularly insidious—the vulnerability might not manifest until weeks or months after the malicious input is stored.
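The store-then-reuse pattern above, as an added example that is not from the original page: it uses Python's sqlite3 in place of PHP/mysqli so it runs offline, and puts the concatenated lookup beside a parameterized one. The table names follow the page; the sample username, profile rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample input: harmless as stored data, but it changes the
# meaning of a query if it is later concatenated into SQL text.
STORED_NAME = "nobody' OR '1'='1"


def setup():
    """In-memory database mirroring the page's users / user_profiles tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.execute("CREATE TABLE user_profiles (username TEXT, bio TEXT)")
    conn.executemany(
        "INSERT INTO user_profiles VALUES (?, ?)",
        [("alice", "alice's bio"), ("bob", "bob's bio"), (STORED_NAME, "own bio")],
    )
    # First order: the write is safe, so the value is stored verbatim.
    conn.execute("INSERT INTO users (username) VALUES (?)", (STORED_NAME,))
    return conn


def stored_username(conn):
    """Read the username back from storage, as later application code would."""
    return conn.execute("SELECT username FROM users WHERE id = 1").fetchone()[0]


def profiles_vulnerable(conn):
    """Second order: the value from the database is trusted and concatenated."""
    name = stored_username(conn)
    query = "SELECT username FROM user_profiles WHERE username = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def profiles_hardened(conn):
    """Same lookup, with the stored value bound as a parameter."""
    name = stored_username(conn)
    query = "SELECT username FROM user_profiles WHERE username = ?"
    return [row[0] for row in conn.execute(query, (name,))]


if __name__ == "__main__":
    conn = setup()
    print("stored    :", stored_username(conn))
    print("vulnerable:", profiles_vulnerable(conn))  # every profile row
    print("hardened  :", profiles_hardened(conn))    # only the user's own row
```

The write path is identical in both cases; only the read path differs, which is why data coming back from your own database needs the same parameter binding as request input.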