Published on September 27th, 2015 📆 | 7949 Views ⚑
0SQL Injection Basics Level 1 – SQL Injection
iSpeech.org
SQL Injection Level 1 Basics Gaining Access into the Site..
This form of SQL injection occurs when the users input is not filtered for escape characters and is then passed into an SQL statement. This results in the potential manipulation of the statements performed on the database by the end-user of the application.
This SQL code is designed to pull up the records of the specified username from its table of users. However, if the "userName" variable is crafted in a specific way by a malicious user, the SQL statement may do more than the code author intended.
For example, setting the "userName" variable as:
' OR '1'='1
video, sharing, camera phone, video phone, free, upload
2015-09-27 08:39:58
source
Gloss