How can I update a table using SQL Injection?
You may want to try entering Robert'); DROP TABLE students; -- in your form :)
In the above xkcd cartoon, Bobby was probably asked to fill in his name in a form, but he mischievously inserted Robert'); DROP TABLE students; -- as his name. Now imagine if that input was used in this query:
SELECT * FROM students WHERE name = '$input'
As you can see, if we substitute $input for what Bobby entered, you'll get this:
SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'
Which are two very valid SQL commands, and a comment.
You may also want to research earlier Stack Overflow questions on SQL Injection.
Comments
-
Fero over 2 years
How can I update a table in a MySQL database using SQL Injection?
I have heard about how we can enter the query in the address bar and it is possible to update a table in the MySQL database. But I am not sure about it.
Kindly give me an idea, professionals...
-
Fero over 13 years
Is it possible to change by updating the table by entering the query in the URL? Kindly explain.
-
Daniel Vassallo over 13 years
@Fero: Yes it is. For example, if you use the querystring from the URL, and insert it into a SELECT statement, as in
SELECT * FROM users WHERE username = '$querystring';
Then whatever you pass as the querystring can easily terminate that SELECT statement, and execute any other statement, as in the above cartoon.
-
Daniel Vassallo over 13 years
In the above cartoon, Bobby was probably asked to fill in his name in a form, but he mischievously inserted
Robert'); DROP TABLE students; --
... Now imagine if that input was used in this query:
SELECT * FROM students WHERE name = '$input'
... As you can see, if you substitute $input for what Bobby entered, you'll get this:
SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'
which are two valid SQL commands.
-
Daniel Vassallo over 13 years
@Fero: You may want to start with the link that @Piskvor suggested in the above comments. Then I'd recommend going through Stack Overflow.
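The substitution discussed in this thread, shown beside its fix, as an added example that is not part of the original posts. Assumptions: Python's built-in sqlite3 stands in for MySQL, the query is an INSERT whose VALUES ('...') clause the cartoon's `')` closes, executescript() models a driver that accepts several statements per call, and the function names and the 'Alice' row are constructed for illustration.

```python
import sqlite3

# The input from the cartoon quoted in the answer above.
BOBBY = "Robert'); DROP TABLE students; --"

def fresh_db():
    """In-memory stand-in database holding one constructed row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT)")
    conn.execute("INSERT INTO students (name) VALUES ('Alice')")
    return conn

def table_exists(conn):
    """True while the students table is still present."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'students'"
    ).fetchone()
    return row is not None

def add_student_unsafe(conn, name):
    """Vulnerable 'before': the input is pasted into the SQL text itself.
    executescript() stands in for a driver that allows stacked statements."""
    sql = "INSERT INTO students (name) VALUES ('" + name + "');"
    conn.executescript(sql)
    return sql

def add_student_safe(conn, name):
    """Hardened: the SQL text is fixed and the input travels as a bound value."""
    conn.execute("INSERT INTO students (name) VALUES (?)", (name,))

def find_student_safe(conn, name):
    """The thread's SELECT, with a placeholder in place of '$input'."""
    cur = conn.execute("SELECT name FROM students WHERE name = ?", (name,))
    return [r[0] for r in cur.fetchall()]

def demo():
    """Run the same input through both paths and report what survived."""
    unsafe = fresh_db()
    add_student_unsafe(unsafe, BOBBY)   # input becomes part of the statement
    safe = fresh_db()
    add_student_safe(safe, BOBBY)       # input is stored as a plain string
    return table_exists(unsafe), table_exists(safe), find_student_safe(safe, BOBBY)

if __name__ == "__main__":
    print(demo())
```

With a bound parameter the quote, parenthesis and semicolons never reach the SQL parser, so the row is simply stored and found under that literal name.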