From: Lennart Jonsson
Newsgroups: comp.databases.ms-sqlserver
Subject: Re: SQl -injection
Date: Wed, 28 Jan 2015 14:41:48 +0100

On 2015-01-28 12:45, Tony Johansson wrote:
> In the form there is a text field for name
>
> This query is meant to be used like this
> select Namn, Adress, Telefonnummer
> from Abonnent
> where Namn = 'Olle Karlsson' //This name is fetched from the text field name in the form
> and hemligtNummer = false;
>
> If now the user enters some strange character in the text field in the
> form like this
> select Namn, Adress, Telefonnummer
> from Abonnent
> where Namn = 'Olle Karlsson' or 'a'='a' or 'a'='a'
> and hemligtNummer = false;
>
> I don't understand how the second query can result that all rows will be
> fetched
>

The where clause evaluates to

where Namn = 'Olle Karlsson'
   or 'a'='a'
   or ('a'='a' and hemligtNummer = false);

/Lennart
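
Added example, not part of the post above: it runs the concatenated query from the thread next to the explicitly parenthesised form and a parameterized lookup, to show that AND binding tighter than OR is what makes every row match. Assumptions: SQLite through Python stands in for SQL Server, the sample rows are constructed, hemligtNummer is stored as 0/1 instead of false, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample rows; table and column names are the ones in the post.
ROWS = [
    ("Olle Karlsson", "Storgatan 1", "08-111111", 0),
    ("Anna Berg", "Lillgatan 2", "08-222222", 0),
    ("Karl Ek", "Hamngatan 3", "08-333333", 1),  # hemligtNummer set
]
SELECT = "select Namn, Adress, Telefonnummer from Abonnent "
# Text-field content that produces the second query quoted in the post.
FIELD_VALUE = "Olle Karlsson' or 'a'='a' or 'a'='a"


def make_db():
    """In-memory table shaped like the one the queries refer to."""
    db = sqlite3.connect(":memory:")
    db.execute("create table Abonnent (Namn text, Adress text, "
               "Telefonnummer text, hemligtNummer integer)")
    db.executemany("insert into Abonnent values (?, ?, ?, ?)", ROWS)
    return db


def lookup_concatenated(db, name):
    # Form described in the post: the field is pasted into the SQL text,
    # so a quote in the field closes the literal and the rest parses as SQL.
    sql = SELECT + "where Namn = '" + name + "' and hemligtNummer = 0"
    return db.execute(sql).fetchall()


def lookup_grouped(db):
    # Same where clause with the grouping written out: AND binds tighter
    # than OR, so the hemligtNummer test only guards the last 'a'='a'.
    sql = SELECT + ("where Namn = 'Olle Karlsson' or 'a'='a' "
                    "or ('a'='a' and hemligtNummer = 0)")
    return db.execute(sql).fetchall()


def lookup_parameterized(db, name):
    # Bound parameter: the field is only ever compared as a value.
    sql = SELECT + "where Namn = ? and hemligtNummer = 0"
    return db.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, FIELD_VALUE))
    print("grouped      :", lookup_grouped(db))
    print("parameterized:", lookup_parameterized(db, FIELD_VALUE))
```

The middle `or 'a'='a'` is true for every row on its own, so the row with hemligtNummer set comes back as well; with the bound parameter the same field content matches no name.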