I am trying to drop/empty table using user inputs.
My SQL code is $sql = "SELECT * FROM users WHERE username = '$username' and password = '$password'"
;
I am typing or 1=1#
to login without username and password which works perfectly!
Any idea how can I drop/empty the contain of table (users)?
I have tried so may ways like:
or DROP TABLE users
; or DROP TABLE users
; or DROP TABLE users
The SQL injection that you are trying to do use the closing of the request, by closing the argument with '
. So, you should begin by closing the actual ' before trying to do something else.
For example:
SELECT * FROM users WHERE username = ''; here do what you want;'';
Here, the name was '; here do what you want;'
'; here do what you want;'
. Composed of:
'
closing WHERE
section ;
closing the request that is sensitive to SQL injectionDROP TABLE users;
'
to re-open what we closed at the begin I found the solution: I used query() instead of multi_query()
multi_query() can take more than one queries at one time.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.