I'm in the process of learning PHP and MySQL. I came across an example of SQL injection on the PHP man page; the final injected SQL query was:
SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''
I'm confused about what OR ''='' means in this context. I know what the statement does, I'm trying to understand how it can be used in this scenario, and what ''='' signifies.
Thanks!
If you are accepting a query in the format of SELECT * FROM users WHERE user='aidan' AND password='$password', the user can fill in ' OR ''=' as the password to close out the password field and allow the SQL query to check if ''='', which will return true and cause them to gain access without entering a valid password.
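
The query from the question, built once by string concatenation and once with a prepared statement, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database standing in for MySQL; the table contents and the function names loginConcatenated and loginPrepared are constructed for illustration.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for MySQL (assumption).
// Plaintext passwords are used only to mirror the query shown on the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('aidan', 's3cret'), ('bob', 'hunter2')");

// Vulnerable form: the input is pasted into the SQL text, so any quote
// characters it contains are parsed as SQL syntax rather than as data.
function loginConcatenated(PDO $db, string $user, string $password): array
{
    $sql = "SELECT * FROM users WHERE user='$user' AND password='$password'";
    echo "query sent: $sql\n";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: placeholders send the input separately from the SQL text,
// so the whole string is compared against the password column as a literal.
function loginPrepared(PDO $db, string $user, string $password): array
{
    $stmt = $db->prepare(
        "SELECT * FROM users WHERE user = :user AND password = :password"
    );
    $stmt->execute([':user' => $user, ':password' => $password]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The password value described in the answer above.
$input = "' OR ''='";

// AND binds tighter than OR, so the concatenated WHERE clause is read as
//   (user='aidan' AND password='') OR (''='')
// The second operand compares two empty strings and is true for every row,
// which makes the condition hold regardless of the user or password.
$rows = loginConcatenated($db, 'aidan', $input);
printf("concatenated: %d row(s) matched\n", count($rows));

// Here the input stays a single string value that equals no stored password.
$rows = loginPrepared($db, 'aidan', $input);
printf("prepared:     %d row(s) matched\n", count($rows));
```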