dr98

Reputation: 35

SQL Injection: or 1=1 vs ' or 1=1; -- -

Trying to learn and understand SQL injection.

Can anyone explain to me why ' or 1=1; -- - allowed me to bypass authentication and or 1=1 did not?

Upvotes: 0

Views: 122638

Answers (1)

Cetin Basoz

Reputation: 23797

Think of a query that is built using string concatenation:

"select * from myTable where id = '" + txtIdEnteredByUser +"'"

If the end user inputs:

' or 1=1; -- 

then the query becomes:

select * from myTable where id = '' or 1=1; --'

That is a valid query and always evaluates to true because of the (OR 1=1); as a result, the whole table's values are returned.

However, if the user input was:

or 1=1; 

the query becomes:

select * from myTable where id = ' or 1=1;'

which is a query that wouldn't return anything (likely).

Upvotes: 12
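
The two inputs from the answer above, run against an in-memory SQLite table, first through the concatenated query and then through a bound parameter. This is an added example, not part of the original answer; the sample rows, the function names and the use of Python's sqlite3 module are assumptions made for the demonstration.

```python
import sqlite3

def make_db():
    """In-memory table named as in the answer, with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE myTable (id TEXT, name TEXT)")
    db.executemany("INSERT INTO myTable VALUES (?, ?)",
                   [("1", "alice"), ("2", "bob"), ("3", "carol")])
    return db

def lookup_concatenated(db, user_input):
    """The answer's pattern: user text becomes part of the SQL source."""
    sql = "select * from myTable where id = '" + user_input + "'"
    return sql, db.execute(sql).fetchall()

def lookup_parameterized(db, user_input):
    """Hardened form: the SQL text is fixed and the input is bound as a
    value, so quotes and comment markers in it are never parsed as SQL."""
    sql = "select * from myTable where id = ?"
    return sql, db.execute(sql, (user_input,)).fetchall()

# A normal id, then the two inputs discussed in the answer.
INPUTS = ["2", "' or 1=1; --", "or 1=1;"]

def compare():
    """Map each input to (concatenated SQL, rows via concat, rows via bind)."""
    db = make_db()
    results = {}
    for text in INPUTS:
        sql, rows_concat = lookup_concatenated(db, text)
        _, rows_bound = lookup_parameterized(db, text)
        results[text] = (sql, len(rows_concat), len(rows_bound))
    return results

if __name__ == "__main__":
    for text, (sql, n_concat, n_bound) in compare().items():
        print(f"input: {text!r}")
        print(f"  concatenated SQL: {sql}")
        print(f"  rows (concatenated): {n_concat}, rows (bound): {n_bound}")
```

With the leading quote, the input closes the string literal and the rest is parsed as SQL, so every row matches; without it, the whole input stays inside the literal and is compared as an id. With the bound parameter, both inputs are treated as plain id values and match nothing.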
