
sql injection

Imagine there is an input field on a website where you type the name of some dish
to find it; then it will look something like this:
--------------------------------------------------------------------------------
Your regular input: 
	"Salad" => InputString = "Salad"
query on server: 
	select * from menu where dish_name = InputString
    					or
    select * from menu where dish_name = 'Salad'
--------------------------------------------------------------------------------
Your injection try:
	"Salad'; drop table menu --" => InputString = "Salad'; drop table menu --"
query on server: 
	select * from menu where dish_name = InputString
    					or
    select * from menu where dish_name = 'Salad'; drop table menu --'
--------------------------------------------------------------------------------
What we are doing is using "Salad';" in the input to be able to create a new query
after that line, then adding a "drop table menu" query (or something else if you
want), and at the end the "--" part to comment out the rest (in our case the
apostrophe) so we don't get a syntax exception. That's how we dropped the menu table.

To defend the server: filter symbols like - ; ) etc.  [sorry, I'm not too good at English]

SQL Injection

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
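
Both snippets above build SQL by pasting request input into the query text. As an added example (not part of either post), this Python sqlite3 sketch runs the menu query from the first post with the same input string, first concatenated and then with a bound parameter; the price column, the sample rows and the use of executescript() as a stand-in for a driver that accepts several statements per call are assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table shaped like the post's menu."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE menu (dish_name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO menu VALUES (?, ?)",
        [("Salad", 4.5), ("Soup", 3.0), ("Chef's Salad", 6.0)],
    )
    conn.commit()
    return conn

def table_exists(conn, name):
    """True if a table with this name is still present in the database."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

def find_dish_concatenated(conn, input_string):
    """'Before' form: the input becomes part of the SQL text itself.
    executescript() stands in for a driver that runs several statements per
    call (assumption); it returns no rows, so the built query is returned."""
    query = "select * from menu where dish_name = '" + input_string + "'"
    conn.executescript(query)
    return query

def find_dish_parameterized(conn, input_string):
    """Hardened form: fixed SQL text, input bound as a value by the driver."""
    cur = conn.execute("select * from menu where dish_name = ?", (input_string,))
    return cur.fetchall()

if __name__ == "__main__":
    payload = "Salad'; drop table menu --"  # the input string from the post
    db = make_db()
    print(find_dish_concatenated(db, payload))
    print("menu exists after concatenated query:", table_exists(db, "menu"))
    db = make_db()
    print(find_dish_parameterized(db, payload))
    print("menu exists after parameterized query:", table_exists(db, "menu"))
    print(find_dish_parameterized(db, "Chef's Salad"))
```

With the bound parameter the whole input is compared to dish_name as a single value, so the table survives and a legitimate name containing an apostrophe still matches.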