How can i update a table using SQL Injection?

Issue

How can i able to update a table in a MySQL database using SQL Injection?

I have heard about how we can enter the query in the address bar and it is possible to update a table in the MySQL database. But I am not sure about it.

Kindly give me an idea professionals…

Solution

You may want to try entering Robert'); DROP TABLE students; -- in your form 🙂

alt text

In the above xkcd cartoon, Bobby was probably asked to fill in his name in a form, but he mischievously inserted Robert'); DROP TABLE students; -- as his name. Now imagine if that input was used in this query:

SELECT * FROM students WHERE name = '$input'

As you can see, if we substitute $input for what Bobby entered, you’ll get this

SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'

Which are two very valid SQL commands, and a comment.

You may also want to research earlier Stack Overflow questions on SQL Injection.

Answered By – Daniel Vassallo

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published