Sid

Reputation: 1269

mysql syntax clarification ' ' = ' '

I'm in the process of learning PHP and MySQL. I came across an example of a SQL injection from the PHP man page, where the final injected SQL query was:

SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''

I'm confused about what the OR ''='' means in this context. I know what that statement does, but I'm just trying to understand how it can be used in another scenario, and what the ''='' signifies.

Thanks!

Upvotes: 3

Views: 79

Answers (3)

Alex Barroso

Reputation: 859

It's just an expression that means true; it's not likely to be used in other scenarios.

Upvotes: 1

j883376

Reputation: 1125

If you were accepting a query in the format of SELECT * FROM users WHERE user='aidan' AND password='$password', a user could fill in ' OR ''=' for the password, which would close out the password field and then allow the SQL query to check whether ''='', which returns true and causes them to gain access without entering a valid password.

Upvotes: 3

ComFreek

Reputation: 29424

  1. ''='' always evaluates to true.
  2. The whole condition password='' OR ''='' therefore also evaluates to true.

→ The password will not be checked and you are able to gain user access without a correct password.

Upvotes: 4
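The mechanism described in the two answers above (the payload ' OR ''=' closing the quoted password value, and the resulting OR ''='' short-circuiting the whole WHERE clause), as an added, runnable example that is not part of the original question or any of the answers. It uses Python's built-in sqlite3 module in place of MySQL so it runs offline; the users table, its two rows, and the function names are constructed for this illustration. Both MySQL and SQLite evaluate ''='' to 1 (true), and in both AND binds tighter than OR, so the injected condition reads as (user='aidan' AND password='') OR ''=''. The hardened variant passes the user input as bound parameters instead of pasting it into the SQL string.

```python
import sqlite3

# Constructed sample data for the example (not from the page): two accounts.
SAMPLE_USERS = [("aidan", "s3cret"), ("bob", "hunter2")]

# The payload from the answers: closes the password literal, appends OR ''='',
# and relies on the query's own trailing quote to close the final empty string.
PAYLOAD = "' OR ''='"


def make_db():
    """Create an in-memory users table populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(user, password):
    """Interpolate untrusted input straight into SQL, as in the PHP manual's
    injection example. Returns the exact SQL text that would be executed."""
    return f"SELECT * FROM users WHERE user='{user}' AND password='{password}'"


def login_vulnerable(conn, user, password):
    """Run the interpolated query and return the usernames it matched.
    With PAYLOAD as the password every row matches, because the clause
    becomes (user='aidan' AND password='') OR ''=''."""
    sql = build_vulnerable_query(user, password)
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, user, password):
    """Same check with bound parameters: the driver sends the values
    separately from the SQL text, so quotes in the input are just data and
    the password column is compared against the literal string ' OR ''='."""
    sql = "SELECT * FROM users WHERE user=? AND password=?"
    return [row[0] for row in conn.execute(sql, (user, password))]


def empty_string_equality(conn):
    """Evaluate ''='' on its own; the database returns 1, i.e. true."""
    return conn.execute("SELECT ''=''").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query("aidan", PAYLOAD))
    print("vulnerable, injected:", login_vulnerable(db, "aidan", PAYLOAD))
    print("vulnerable, wrong pw:", login_vulnerable(db, "aidan", "wrong"))
    print("safe, injected:     ", login_safe(db, "aidan", PAYLOAD))
    print("safe, correct pw:   ", login_safe(db, "aidan", "s3cret"))
    print("''='' evaluates to: ", empty_string_equality(db))
```

Note that the injected query does not merely log the attacker in as aidan: because OR ''='' is true for every row, the SELECT returns the whole table, which is why code that takes "at least one row came back" as proof of a valid login is fooled.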
