I am studying MySQL injection.
To complete the query command, injection code uses  -- '.
In the mysql cmd, '' -- ' works.
But '' --' does not work. It is waiting for '.
Why does '' -- ' work?
 
    
All these things have absolutely nothing to do with "injections".
That's SQL syntax.
-- means comment.
As was pointed out in the comments, a space is necessary after the two dashes (in MySQL, though; in Postgres, AFAIK, no space is required, which is a source of some unwanted behavior, like decrementing a field with a negative value, foo = foo --1).
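
An added example, not part of the original answer: a simplified model of how MySQL's lexer (default SQL mode) treats quotes and line comments, showing why one input from the question is complete and the other leaves a string open. The names `lex` and `_dash_comment` are hypothetical, `/* */` comments are omitted, and `mysql=False` models the standard-SQL rule in which `--` starts a comment with no space required.

```python
def _dash_comment(sql, i, mysql):
    """True if a '--' line comment starts at position i."""
    if not sql.startswith("--", i):
        return False
    nxt = sql[i + 2:i + 3]
    # MySQL: the second dash must be followed by whitespace, a control
    # character, or end of input. Standard SQL: '--' alone is enough.
    return (not mysql) or nxt == "" or nxt.isspace() or ord(nxt) < 32


def lex(sql, mysql=True):
    """Return (sql_without_line_comments, quote_char_still_open_or_None)."""
    out, quote, i, n = [], None, 0, len(sql)
    while i < n:
        ch = sql[i]
        if quote:
            # Inside a literal nothing starts a comment.
            if mysql and ch == "\\" and quote != "`" and i + 1 < n:
                out.append(sql[i:i + 2])      # backslash escape
                i += 2
                continue
            if ch == quote:
                if sql[i + 1:i + 2] == quote:
                    out.append(ch * 2)        # doubled quote stays literal
                    i += 2
                    continue
                quote = None                  # literal closed
        elif ch in "'\"`":
            quote = ch                        # literal or identifier opens
        elif (mysql and ch == "#") or _dash_comment(sql, i, mysql):
            nl = sql.find("\n", i)
            if nl == -1:
                break                         # comment runs to end of input
            i = nl
            continue
        out.append(ch)
        i += 1
    return "".join(out), quote


if __name__ == "__main__":
    # Constructed inputs taken from the question and the answer.
    for text in ("'' -- '", "'' --'", "foo = foo --1"):
        print(repr(text), "mysql:", lex(text), "standard:", lex(text, mysql=False))
```

An open quote in the second element of the result corresponds to the client waiting for a closing `'` as described in the question.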
