How can I update a table using SQL Injection?

Question

How can I update a table using SQL Injection?

How can I update a table in a MySQL database using SQL Injection ?

I heard about how we can enter a query in the address bar, and you can update the table in the MySQL database. But I'm not so sure about that.

Please give me the idea of professionals ...

+3

mysql sql-injection

Fero Oct 08 '10 at 11:39

source share

1 answer

Daniel Vassallo · Accepted Answer · 2010-10-08T11:42:00+0000

You can try typing Robert'); DROP TABLE students; --in your form :)

alt text

In the above xkcd cartoon , Bobby was probably asked to fill out his name on the form, but he mischievously inserted Robert'); DROP TABLE students; --as his name. Now imagine if this request was used in this request:

SELECT * FROM students WHERE name = '$input'

, $input , ,

SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'

SQL .

, SQL Injection.

How can I update a table using SQL Injection?

More articles: