What does it mean?

Asked Mar 16 '17 at 12:41

Active Mar 16 '17 at 12:48

Viewed 43 times

string query = "SELECT * 
                FROM users 
                WHERE username = "'" + username + "' 
                      AND password = '" + password + "'"; 
Since this query is constructed by concatenating an input string directly from the user, the query behaves correctly only if password does not contain a single-quote character. If the user enters
__"
joe
"
as the username and
"
example' OR 
 'a'='a
as the password, the resulting query 
becomes__

I want to know what the single quote character means

edited Mar 16 '17 at 12:48

PM 77-1

12,933
21
68
111

asked Mar 16 '17 at 12:41

Utkarsh Agrawal

5

Possible duplicate of [How does the SQL injection from the "Bobby Tables" XKCD comic work?](http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work) – AKX Mar 16 '17 at 12:42
Please next time use more orthodox formatting for your question. – fvu Mar 16 '17 at 12:44
No my question is different – Utkarsh Agrawal Mar 16 '17 at 12:44
`"` - double quote character, `'` - single quote character – PM 77-1 Mar 16 '17 at 12:44
@ PM 77-1 i think you are so tallented thats y you giving this nonsense answer.. – Utkarsh Agrawal Mar 16 '17 at 16:42

What does it mean?

0 Answers0