Monday, November 19, 2018

sql server - What is mean -- ' in mysql injection?

Answer


Answer





I am studying about mysql injection.



To complete query command, Injection code use -- '.



In mysql cmd, '' -- ' is work.



But '' --' is not work. It is waiting '




why '' -- ' is work?


Answer



All these things has absolutely nothing to do with "injections".
That's SQL syntax.



-- means comment



as it was pointed out in the comments, a space is necessary after two dashes (in mysql though. in Postgres, AFAIK, no space is required, which is a source for some unwanted behavior, like decrementing a field with negative value, foo = foo --1)


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

plot explanation - Why did Peaches' mom hang on the tree? - Movies & TV

In the middle of the movie Ice Age: Continental Drift Peaches' mom asked Peaches to go to sleep. Then, she hung on the tree. This parti...