Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Robert'); DROP TABLE STUDENTS; --
- q = "INSERT INTO Students VALUES ('" + FNMName.Text + "', '" + LName.Text + "')";
- INSERT INTO Students VALUES ('Robert'); DROP TABLE Students; --', 'Derper')
- INSERT INTO Students VALUES ( '$Name' )
- INSERT INTO Students VALUES ( 'Robert' ); DROP TABLE STUDENTS; --' )
- $query="SELECT * FROM users WHERE username='" . $_REQUEST['user'] . "' and (password='".$_REQUEST['pass']."')";
- $result=mysql_query($query);
- SELECT * FROM users WHERE username='peter' and (password='secret')
- ' OR '1'='1
- SELECT * FROM users WHERE username='peter' and (password='' OR '1'='1')
- INSERT INTO 'students' ('first_name', 'last_name') VALUES ('$firstName', '$lastName');
- INSERT INTO 'students' ('first_name', 'last_name') VALUES ('Robert'); DROP TABLE students; --', 'XKCD');
- void createStudent(String name) {
- database.execute("INSERT INTO students (name) VALUES ('" + name + "')");
- }
- INSERT INTO students (name) VALUES ('Robert'); DROP TABLE STUDENTS --')
- Select *
- From Students
- Where (Name = '<NameGetsInsertedHere>')
- Select *
- From Students
- Where (Name = 'Robert'); DROP TABLE STUDENTS; --')
- -- ^-------------------------------^
- sql = "SELECT * FROM STUDENTS WHERE (STUDENT_NAME = '" + student_name + "') AND other stuff";
- execute(sql);
- $sql = "INSERT INTO `Students` (FirstName, LastName) VALUES ('" . $fname . "', '" . $lname . "')";
- Robert'); DROP TABLE STUDENTS; --
- String query="Select * from student where username='"+student_name+"'";
- statement.executeQuery(query); //Rest of the code follows
- Select * from student where username='Robert'); DROP TABLE STUDENTS; --
- Select * from student where username='Robert');
- DROP TABLE STUDENTS; --
Add Comment
Please, Sign In to add comment