
Re: SQl -injection

From "Tony Johansson" <johansson.andersson@telia.com>
Newsgroups comp.databases.ms-sqlserver
Subject Re: SQl -injection
Date 2015-01-29 11:03 +0100
Organization A noiseless patient Spider
Message-ID <mad0gl$bf8$1@dont-email.me> (permalink)
References <maai3j$iu8$1@dont-email.me> <maaotr$e36$1@dont-email.me>



Yes, I can understand why it fetches all the rows now.
Many thanks.

//Tony

"Lennart Jonsson" <erik.lennart.jonsson@gmail.com> wrote in message 
news:maaotr$e36$1@dont-email.me...
> On 2015-01-28 12:45, Tony Johansson wrote:
>> In the form there is a text field for name
>>
>> This query is meant to be used like this
>> select Namn, Adress, Telefonnummer
>> from Abonnent
>> where Namn = 'Olle Karlsson'      -- This name is fetched from the text field name in the form
>> and hemligtNummer = false;
>>
>> If now the user enters some strange character in the text field in the
>> form like this
>> select Namn, Adress, Telefonnummer
>> from Abonnent
>> where Namn = 'Olle Karlsson' or 'a'='a' or 'a'='a'
>> and hemligtNummer = false;
>>
>> I don't understand how the second query can result in all rows being
>> fetched
>>
>
> The where clause evaluates to
>
>     where Namn = 'Olle Karlsson'
>        or 'a'='a'
>        or ('a'='a' and hemligtNummer = false);
>
>
> /Lennart
>
> 
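The grouping described in the reply above, as an added example that is not part of either post: it compares the concatenated query with a parameterized one. Assumptions: SQLite through Python's sqlite3 stands in for SQL Server (AND binds tighter than OR in both), hemligtNummer is stored as 0/1 instead of false/true, and the rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the thread.
ROWS = [
    ("Olle Karlsson", "Storgatan 1", "070-000 00 01", 0),
    ("Anna Berg", "Lillgatan 2", "070-000 00 02", 0),
    ("Sven Holm", "Parkgatan 3", "070-000 00 03", 1),  # unlisted number
]

# Text-field content that yields the second query quoted in the thread.
FIELD = "Olle Karlsson' or 'a'='a' or 'a'='a"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table Abonnent (Namn text, Adress text, "
               "Telefonnummer text, hemligtNummer integer)")
    db.executemany("insert into Abonnent values (?, ?, ?, ?)", ROWS)
    return db

def lookup_concatenated(db, name):
    # Vulnerable form: the field text becomes part of the SQL statement,
    # so its quotes and 'or' keywords are parsed as SQL.
    sql = ("select Namn from Abonnent "
           "where Namn = '" + name + "' and hemligtNummer = 0")
    return sorted(row[0] for row in db.execute(sql))

def lookup_explicit_grouping(db):
    # The where clause from the reply, with the implicit grouping written out.
    sql = ("select Namn from Abonnent where Namn = 'Olle Karlsson' "
           "or 'a'='a' or ('a'='a' and hemligtNummer = 0)")
    return sorted(row[0] for row in db.execute(sql))

def lookup_parameterized(db, name):
    # Hardened form: the field text is bound as a value and is only ever
    # compared against Namn, whatever characters it contains.
    sql = "select Namn from Abonnent where Namn = ? and hemligtNummer = 0"
    return sorted(row[0] for row in db.execute(sql, (name,)))

if __name__ == "__main__":
    db = make_db()
    print("normal input:      ", lookup_concatenated(db, "Olle Karlsson"))
    print("concatenated FIELD:", lookup_concatenated(db, FIELD))
    print("explicit grouping: ", lookup_explicit_grouping(db))
    print("parameterized:     ", lookup_parameterized(db, FIELD))
```

Because the middle `'a'='a'` is a standalone OR term, the `hemligtNummer` filter no longer applies to every row, so the unlisted subscriber is returned as well.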



Thread

SQl -injection "Tony Johansson" <johansson.andersson@telia.com> - 2015-01-28 12:45 +0100
  Re: SQl -injection Lennart Jonsson <erik.lennart.jonsson@gmail.com> - 2015-01-28 14:41 +0100
    Re: SQl -injection "Tony Johansson" <johansson.andersson@telia.com> - 2015-01-29 11:03 +0100
  Re: SQl -injection Erland Sommarskog <esquel@sommarskog.se> - 2015-01-28 13:45 +0000
