In this case, the developer fails to filter the input for escape
characters and passes it directly into the SQL statement. This is what creates the vulnerability.
Consider this code:
Consider this code:
statement = "SELECT * FROM `users` WHERE `name` = '" + userName + "';"
This code checks whether the username exists in the database. An attacker can use malicious input to inject his own query. For example:
' or 1=1
He can enter the above text instead of the username, so the SQL statement becomes:
SELECT * FROM `users` WHERE `name` = '' OR 1=1;
He can also use a comment to block the rest of the query. For example:
' or 1=1 --
so the query becomes:
SELECT * FROM `users` WHERE `name` = '' OR 1=1 -- ;
Here name = '' is false, but 1=1 is always true. Because the two conditions are joined with OR, it is enough for one of them to be true, so the query matches every row and bypasses the login.
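The following is an added example (not code from the original text) that runs the concatenated statement above against a constructed in-memory SQLite table and puts it next to the parameterized form a developer should use instead; the users table, its two rows and the function names are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample users table for the demonstration (not from the page).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_name: str) -> list:
    """The pattern from the text: user input concatenated straight into the SQL string.
    Whatever the user types becomes part of the statement, so a quote and a comment
    marker change the query's structure instead of being treated as data."""
    statement = "SELECT * FROM `users` WHERE `name` = '" + user_name + "';"
    return conn.execute(statement).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, user_name: str) -> list:
    """Hardened form: the statement text is fixed and the value is bound as a parameter.
    The driver passes the input as data, so ' OR 1=1 -- is just a name that does
    not exist in the table and no row is returned."""
    statement = "SELECT * FROM `users` WHERE `name` = ?"
    return conn.execute(statement, (user_name,)).fetchall()


def compare(user_name: str) -> tuple:
    """Return (rows from the vulnerable lookup, rows from the parameterized lookup)."""
    conn = make_db()
    try:
        return lookup_vulnerable(conn, user_name), lookup_parameterized(conn, user_name)
    finally:
        conn.close()


if __name__ == "__main__":
    for name in ("alice", "' OR 1=1 -- "):
        vulnerable_rows, safe_rows = compare(name)
        print(f"{name!r}: vulnerable returns {len(vulnerable_rows)} row(s), "
              f"parameterized returns {len(safe_rows)} row(s)")
```

For a real username both lookups return the same single row; for the comment-terminated input the concatenated version returns every row in the table while the parameterized version returns none.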