Courtesy: hostingslist.com

This form of SQL injection occurs when user input is not filtered for escape characters and is then passed into an SQL statement. As a result, the end-user of the application can potentially manipulate the statements performed on the database. The following line of code illustrates this vulnerability:

statement = "SELECT * FROM `users` WHERE `name` = '" + userName + "';"

This SQL code is designed to pull up the records of the specified username from its table of users. However, if the "userName" variable is crafted in a specific way by a malicious user, the SQL statement may do more than the code author intended. For example, setting the "userName" variable as ' or '1'='1
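The concatenated statement above, set beside a parameterized query, as an added example that is not code from the original page. It assumes Python's sqlite3 module with an in-memory database; the function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory `users` table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE `users` (`name` TEXT, `email` TEXT)")
    conn.executemany(
        "INSERT INTO `users` VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("o'brien", "obrien@example.test")],
    )
    return conn

def lookup_concatenated(conn, user_name):
    """The page's pattern: the input becomes part of the SQL text itself."""
    statement = "SELECT * FROM `users` WHERE `name` = '" + user_name + "';"
    return statement, conn.execute(statement).fetchall()

def lookup_parameterized(conn, user_name):
    """Hardened form: the value is bound by the driver and never parsed as SQL."""
    statement = "SELECT * FROM `users` WHERE `name` = ?;"
    return statement, conn.execute(statement, (user_name,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    # "alice" is ordinary input, "' or '1'='1" is the value quoted on the page,
    # and "o'brien" is a legitimate name that happens to contain a quote.
    for value in ("alice", "' or '1'='1", "o'brien"):
        print("input:", repr(value))
        for lookup in (lookup_concatenated, lookup_parameterized):
            try:
                statement, rows = lookup(conn, value)
                print("  %-22s %d row(s)" % (lookup.__name__, len(rows)))
            except sqlite3.OperationalError as exc:
                print("  %-22s error: %s" % (lookup.__name__, exc))
```

With the concatenated form, the page's input turns the WHERE clause into a condition that is true for every row, and a legitimate name containing a quote fails with a syntax error; the parameterized form treats both as plain values.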
