Imagine a website has an input field where you type the name of a dish to
search for it. It will look something like this:
--------------------------------------------------------------------------------
Your regular input:
"Salad" => InputString = "Salad"
Query on the server:
select * from menu where dish_name = InputString
or
select * from menu where dish_name = 'Salad'
--------------------------------------------------------------------------------
Your injection attempt:
"Salad'; drop table menu --" => InputString = "Salad'; drop table menu --"
Query on the server:
select * from menu where dish_name = InputString
or
select * from menu where dish_name = 'Salad'; drop table menu --'
--------------------------------------------------------------------------------
What we are doing is using "Salad';" in the input to close the string and end
the first statement, so that a new query can be started after it. Then we add
the "drop table menu" query (or something else if you want), and at the end the
"--" part comments out the rest (in our case the apostrophe) so we don't get a
syntax exception. That's how we dropped the menu table.
To defend the server: filter symbols like - ; ) etc. [Sorry, I'm not too good at English.]
// Vulnerable pattern: the request value is concatenated straight into the SQL text.
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
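
The menu query and the concatenation pattern above, rebuilt as an added Python/sqlite3 example (not code from the original page), next to a parameterized version that binds the input as a value instead of filtering symbols. The in-memory database, the sample rows and all function names are constructed for illustration, and executescript() is an assumption standing in for a server that accepts several statements in one string.

```python
import sqlite3

# Constructed sample data; "Chef's Salad" is a legitimate name with an apostrophe.
SAMPLE_MENU = [("Salad", 4.5), ("Soup", 3.0), ("Chef's Salad", 6.0)]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table menu (dish_name text, price real)")
    db.executemany("insert into menu values (?, ?)", SAMPLE_MENU)
    db.commit()
    return db

def menu_exists(db):
    row = db.execute(
        "select 1 from sqlite_master where type = 'table' and name = 'menu'"
    ).fetchone()
    return row is not None

def build_query_concat(input_string):
    # Vulnerable: the input becomes part of the SQL text itself.
    return "select * from menu where dish_name = '" + input_string + "'"

def run_concat(db, input_string):
    # executescript() stands in for a server/driver that accepts several
    # statements in one string, which is what the page's example relies on.
    db.executescript(build_query_concat(input_string))
    return menu_exists(db)

def find_dish(db, input_string):
    # Hardened: the SQL text is fixed and the input is bound as a value,
    # so quotes, ";" and "--" inside it are only characters of a name.
    cur = db.execute("select * from menu where dish_name = ?", (input_string,))
    return cur.fetchall()

if __name__ == "__main__":
    payload = "Salad'; drop table menu --"  # the input from the page
    db = make_db()
    print(build_query_concat(payload))
    print("menu survives concatenation:", run_concat(db, payload))
    db = make_db()
    print("bound payload rows:", find_dish(db, payload))
    print("menu survives binding:", menu_exists(db))
    print("apostrophe name:", find_dish(db, "Chef's Salad"))
```

With binding, a name such as "Chef's Salad" is still searchable, which a symbol filter alone would have to reject or mangle.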