SQL injection to drop/empty table

Question

I am trying to drop/empty table using user inputs.

My SQL code is $sql = "SELECT * FROM users WHERE username = '$username' and password = '$password'" ;

I am typing or 1=1# to login without username and password which works perfectly!

Any idea how can I drop/empty the contain of table (users)?

I have tried so may ways like:

or DROP TABLE users ; or DROP TABLE users ; or DROP TABLE users

Answer 1

The SQL injection that you are trying to do use the closing of the request, by closing the argument with ' . So, you should begin by closing the actual ' before trying to do something else.

For example:

SELECT * FROM users WHERE username = ''; here do what you want;'';

Here, the name was '; here do what you want;' '; here do what you want;' . Composed of:

• ' closing WHERE section
• ; closing the request that is sensitive to SQL injection
• You SQL request, for you DROP TABLE users;
• ' to re-open what we closed at the begin

Answer 2

I found the solution: I used query() instead of multi_query()

multi_query() can take more than one queries at one time.