问题
How can i able to update a table in a MySQL database using SQL Injection?
I have heard about how we can enter the query in the address bar and it is possible to update a table in the MySQL database. But I am not sure about it.
Kindly give me an idea professionals...
回答1:
You may want to try entering Robert'); DROP TABLE students; -- in your form :)
In the above xkcd cartoon, Bobby was probably asked to fill in his name in a form, but he mischievously inserted Robert'); DROP TABLE students; -- as his name. Now imagine if that input was used in this query:
SELECT * FROM students WHERE name = '$input'
As you can see, if we substitute $input for what Bobby entered, you'll get this
SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'
Which are two very valid SQL commands, and a comment.
You may also want to research earlier Stack Overflow questions on SQL Injection.
来源:https://stackoverflow.com/questions/3890091/how-can-i-update-a-table-using-sql-injection