Comments
-
ktopolski428y @JohanO Was not my idea nor my car, but this picture became famous in Poland as a perfect example of useful SQLi :D. I don't think it worked though :)
-
620hun83708y @boomi @xydac I'm familiar with the concept, but what does this actually do? I tried to Google it, but no luck.
-
@620hun I think it drops the table, but all I know is it makes it so the table entry will not be useful
-
JohanO20508y yeah, actually I wanted it to be 'AND 0;-- .. but one is limited to 8 chars - hard to form a legal SQL statement under those conditions ;-)
Of course one could do ';-- but then everyone thinks it's some kinda weird smiley...
-
JohanO20508y @elazar I know. The point was that I didn't want my number to be 'inserted', so basically ';-- would do (regno would not be found) - I just added OR 0 for looks ;-)
-
JohanO20508y @elazar actually 'OR 1' is more interesting, then it would insert the first 'random' record it finds... or perhaps _all_ records ;-)
Interesting scenario for them to debug when _all_ cars in Sweden passed through the same toll booth at the exact same time ;-)
-
kurtr127558y *finds $1500 fine in the post... for the first time in your life you're truly upset someone used bound parameters :P
About to order my personalized registration plate - no more toll fees for me (I hope) :-)