Just looking at:
(Source: https://xkcd.com/327/)
What does this SQL do:
Robert'); DROP TABLE STUDENTS; --
I know both ' and -- are for comments, but doesn’t the word DROP get commented as well since it is part of the same line?
It drops the students table.
The original code in the school’s program probably looks something like
This is the naive way to add text input into a query, and is very bad, as you will see.
After the values from the first name, middle name textbox FNMName.Text (which is Robert'); DROP TABLE STUDENTS; --) and the last name textbox LName.Text (let’s call it Derper) are concatenated with the rest of the query, the result is now actually two queries separated by the statement terminator (semicolon). The second query has been injected into the first. When the code executes this query against the database, it will look like this
which, in plain English, roughly translates to the two queries:
and
Everything past the second query is marked as a comment:
--', 'Derper')
The ' in the student’s name is not a comment, it’s the closing string delimiter. Since the student’s name is a string, it’s needed syntactically to complete the hypothetical query. Injection attacks only work when the SQL query they inject results in valid SQL.
Edited again as per dan04’s astute comment
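The concatenation described in the answer above, shown next to a parameterized insert. This is an added example, not code from the original post or the school's program: it uses Python's sqlite3 with a constructed one-column Students table (so the first statement stays valid SQL), and executescript() stands in for a database driver that runs several statements in one call.

```python
import sqlite3

PAYLOAD = "Robert'); DROP TABLE STUDENTS; --"  # the name from the question


def new_db():
    """In-memory database with a constructed one-column Students table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Students (name TEXT)")
    return db


def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master "
        "WHERE type = 'table' AND name = 'Students'"
    ).fetchone()
    return row[0] == 1


def build_naive_query(name):
    # Vulnerable: the user's text becomes part of the SQL source itself,
    # so its quote closes the string and the rest is parsed as SQL.
    return "INSERT INTO Students VALUES ('" + name + "')"


def insert_naive(db, name):
    # Assumption: the driver accepts stacked statements (executescript does).
    db.executescript(build_naive_query(name))


def insert_parameterized(db, name):
    # Hardened: the SQL text is fixed; the name is bound as data only.
    db.execute("INSERT INTO Students VALUES (?)", (name,))
    db.commit()


def demo():
    naive_db, safe_db = new_db(), new_db()
    insert_naive(naive_db, PAYLOAD)
    insert_parameterized(safe_db, PAYLOAD)
    stored = safe_db.execute("SELECT name FROM Students").fetchall()
    return (build_naive_query(PAYLOAD), table_exists(naive_db),
            table_exists(safe_db), stored)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

With the bound parameter the whole string, quote and semicolons included, is stored as the student's name and the table is left in place.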