http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
' UNION SELECT name, type, id FROM sysobjects;--
- the initial apostrophe closes the opening quote in the original SQL statement.
- the two dashes at the end start a comment, which means that anything left in the original SQL statement is ignored.
SQL Injection
http://en.wikipedia.org/wiki/SQL_injection
' or '1'='1
' or '1'='1' -- '
' or '1'='1' ({ '
' or '1'='1' /* '
If this code were to be used in an authentication procedure then this example could be used to force the selection of a valid username because the evaluation of '1'='1' is always true.
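The authentication case described above, as an added example that is not taken from the linked articles: the same login check written with string concatenation and with bound parameters. It uses Python's sqlite3 module; the users table, the function names and the sample accounts are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("o'neil", "pw")])
    return db

def build_concatenated(name, password):
    # Vulnerable: input is pasted between the quotes of the statement,
    # so an apostrophe in the input ends the string literal early.
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

def login_concatenated(db, name, password):
    row = db.execute(build_concatenated(name, password)).fetchone()
    return row[0] if row else None

def login_parameterized(db, name, password):
    # Hardened: the statement text is fixed; values are bound separately
    # and are only ever compared as data.
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    tautology = "' or '1'='1"  # first variant quoted in the excerpt above
    print(build_concatenated("alice", tautology))
    print("concatenated :", login_concatenated(db, "alice", tautology))
    print("parameterized:", login_parameterized(db, "alice", tautology))
    # A legitimate name containing an apostrophe also breaks the
    # concatenated form, but works when bound as a parameter.
    try:
        login_concatenated(db, "o'neil", "pw")
    except sqlite3.OperationalError as exc:
        print("concatenated :", exc)
    print("parameterized:", login_parameterized(db, "o'neil", "pw"))
```

With bound parameters the quoted input is compared as a literal password and matches no row, while the concatenated form returns a username without the correct password.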
http://www.wwwcoder.com/main/parentid/258/site/2966/68/default.aspx