
SQL Injection security question


ghost's Avatar
0 0

Hi.

I wanted to know if there are any security holes using this query.

mysql_query('SELECT * FROM news WHERE ' . $query);

I am trying to get information from other tables or (if possible) even CHANGE values in other tables.

I tried using query=; UPDATE news … or query=-- UPDATE news …

but nothing really worked.

Is there any way of doing this? Or at least to get information from other tables?

Thanks in advance.


ghost's Avatar
0 0

I'm not a PHP or SQL person, I'm more of a Perl person, but I think it would be something like

SELECT * FROM users WHERE password=*

to get a list of every user's password


ghost's Avatar
0 0

Well, I'm only able to modify the WHERE-condition.

So SELECT * FROM news WHERE is constant and I am able to change everything behind it.

SELECT * FROM news WHERE 1; would list all news - but I don't want to see the boring news. I'd like to see all users for example.


ghost's Avatar
0 0

UNION commands?? I'm assuming there's some reason they wouldn't work or you've tried them already but meh… I have really crappy knowledge of SQL


Mr_Cheese's Avatar
0 1

If you want to select, do a UNION and make sure you finish the SQL query with a -- if it's SQL or /* if it's MySQL.


ghost's Avatar
0 0

Blind SQL injection: here you could make the $query equal to 1 AND substring(SYSTEM_USER(),1,1)="a", and this could be used to brute force database information.


ghost's Avatar
0 0

try brute force
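
A defensive counterpart to the query in the first post, as an added example that is not part of the thread: instead of concatenating a request-supplied WHERE clause, the request may only name allow-listed columns and its values are bound as parameters. The table layout, filter names and function names are assumptions, and PDO with an in-memory SQLite database stands in for the MySQL server so the code runs offline.

```php
<?php
// Added example, not code from the thread; schema, filter names and rows are constructed.
// Hypothetical allow-list: request key => column name and accepted value shape.
const NEWS_FILTERS = [
    'id'     => ['column' => 'id',     'pattern' => '/\A[0-9]{1,10}\z/'],
    'author' => ['column' => 'author', 'pattern' => '/\A.{1,64}\z/s'],
];

// Turn untrusted key/value pairs into SQL text plus a list of bound values.
function build_news_query(array $input): array
{
    $clauses = $values = [];
    foreach ($input as $key => $value) {
        if (!array_key_exists($key, NEWS_FILTERS)) {
            throw new InvalidArgumentException("unsupported filter: $key");
        }
        $rule = NEWS_FILTERS[$key];
        if (!is_string($value) || preg_match($rule['pattern'], $value) !== 1) {
            throw new InvalidArgumentException("invalid value for filter: $key");
        }
        // Only allow-listed column names reach the SQL text; values stay parameters.
        $clauses[] = $rule['column'] . ' = ?';
        $values[]  = $value;
    }
    $where = $clauses ? ' WHERE ' . implode(' AND ', $clauses) : '';
    return ['SELECT id, author, title FROM news' . $where, $values];
}

function fetch_news(PDO $pdo, array $input): array
{
    [$sql, $values] = build_news_query($input);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($values);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, author TEXT, title TEXT)');
$pdo->exec("INSERT INTO news (author, title) VALUES ('alice', 'Release notes'), ('bob', 'Maintenance')");
$condition = '1 AND substring(SYSTEM_USER(),1,1)="a"'; // condition string quoted in the thread
echo count(fetch_news($pdo, ['author' => 'alice'])), "\n";    // ordinary filter value
echo count(fetch_news($pdo, ['author' => $condition])), "\n"; // compared as a literal string, never parsed as SQL
try {
    fetch_news($pdo, ['id' => $condition]);                   // checked against the numeric pattern first
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```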