Overwriting an uninitialized local variable in PHP



I'm addressing a PHP with a MySQL DB system.

A PHP script looks like this:

$sort_mode = $_GET['sort'];
if($sort_mode = 'ascendend') $query = "....";
else if($sort_mode = 'descendend') $query = "....";
...
mysql_query($query) or die();

This script does actually contain some serious problem because $sort_mode is not sanitized. But this variable is never used in a SQL query, so even if you modify the GET Parameter to become a SQL injection it won't be executed by the DB because this variable is not passed to the engine. The actual variable containing the query is $query. But since there's no else clause, $query is uninitialized, when you pass a string to the variable $sort_mode that is not contained in the if-then-else statement (e.g. $sort_mode = 'does_not_exist')

My question is if there is a way to "initialize" the variable $query myself as an attacker from the outside, so that I can write my on SQL query.

This question is related to a webapp review I'm doing at the moment.

Thx in advance!



Relevant Pages