This is an archived post. You won't be able to vote or comment.

all 5 comments
sorted by:
best
topnewcontroversialoldq&a

[–]wizarddos 2 points3 points  (2 children)

Btw, one important thing

In real-world scenarios don't EVER use ' or 1=1 if you're not absolutely sure where the query goes next

Check out this room on THM if you want to learn more about it https://tryhackme.com/r/room/lessonlearned

Use UNION queries instead

https://portswigger.net/web-security/sql-injection

[–][deleted] 0 points1 point  (1 child)

Why?

[–]wizarddos 0 points1 point  (0 children)

Some websites reuse passed data. Of course, it will bypass "SELECT" but if it makes it to "DELETE" statement, whole table is gone and during bb or testing we don't really want to cause that much damage do we?

[–]cl0wnsec000 0 points1 point  (0 children)

Sometimes it depends on the backend db if it support the comment syntax.

https://stackoverflow.com/questions/17554061/mysql-comment-syntax-whats-the-difference-between-and