Plugins: SQL injections
The plugin family "SQL Injection" scans the request for remote SQL injection vulnerabilities. It
inserts payloads into the request parameters to test whether SQL commands can be injected into your code.
Chorizo!'s Advisor gives you more detailed information about the problem itself, a general
solution and sample PHP code that shows how to fix it, in particular explaining the
different methods of escaping values before they reach your queries.
Chorizo! tries to provoke a SQL error. It detects a successful injection by checking the
returned HTML page for a SQL error message emitted by PHP. Chorizo! will therefore not find the problem
if your php.ini has display_errors=Off and SQL errors are only written to a logfile on the server: as a
remote scanner, the free version cannot see errors that never reach the HTML output. Note that this
only hides the symptom from the scanner; the injection itself may still work.
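As an added illustration (not the Advisor's own output), here is a PHP lookup written the vulnerable way next to the two remediations the text alludes to, a prepared statement and driver-side escaping, together with the runtime equivalent of the display_errors/log_errors settings discussed above. The `users` table, the SQLite in-memory database and the log path are assumptions.

```php
<?php
// Vulnerable: the raw request value is concatenated into the statement, so a
// crafted `id` changes the SQL grammar instead of only its data. With
// display_errors=On the resulting SQL error text lands in the HTML page.
function findUserVulnerable(PDO $db, string $id): ?array
{
    $sql = "SELECT id, name FROM users WHERE id = " . $id;
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened: a prepared statement sends SQL and data separately, so the
// parameter can only ever be compared as a value. Casting to int adds an
// input-validation layer for an identifier column.
function findUserSafe(PDO $db, string $id): ?array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id = :id");
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Where prepared statements are not available, escape through the driver's
// own quoting so the value is treated as a string literal.
function findUserEscaped(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = " . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Runtime equivalent of the php.ini settings the page mentions: keep SQL
// error detail out of the response body and in the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app.log');   // assumed path

$db = new PDO('sqlite::memory:');               // constructed sample database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

try {
    var_dump(findUserSafe($db, $_GET['id'] ?? '1'));
} catch (PDOException $e) {
    error_log($e->getMessage());                // logged server-side only
    http_response_code(500);
    echo 'An internal error occurred.';         // generic message to the client
}
```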
If you upgrade to Chorizo! Standard, you get access to Morcilla, a server-side PHP extension that can hook
into every PHP function and therefore give Chorizo! concrete information when an error occurs, e.g. in
mysql_error() or in PDO's query functions. Morcilla also detects many more error conditions, such as those
in shell_exec, preg_*, fopen, mail and others. You can upgrade on your "My Chorizo" page by buying the
Standard product, which gives you a lot more benefits.