sql injection operator explanation

Asked Apr 27 '13 at 22:08

Active Apr 27 '13 at 22:08

Viewed 80 times

I'm learning about SQL injection, and I learned that one type of blind sql injection is to find the number of columns in a table like this for example:

category.php?id=10' order by 5--

But then I saw something like the following:

category.php?id=10' order by 5--+

Can anyone explain the purpose of the plus sign? I'm not sure how MySQL handles that operator in this context. Can anyone think of an example of how this applies if the query is being executed through PHP.

asked Apr 27 '13 at 22:08

Ci3

4,632
10
34
44

Why don't you run it and see what happens? – Dan Bracuk Apr 27 '13 at 22:26
See [How does the SQL injection from the “Bobby Tables” XKCD comic work?](http://stackoverflow.com/a/332367) – eggyal Apr 27 '13 at 23:03
@Jocelyn: Whilst that question may help answer this one, they are not duplicates. – eggyal Apr 28 '13 at 07:20

sql injection operator explanation

0 Answers0