Robert'); DROP TABLE STUDENTS; -- q = "INSERT INTO Students VALUES ('" + FNM

1. Robert'); DROP TABLE STUDENTS; --
2.  
3. q = "INSERT INTO Students VALUES ('" + FNMName.Text + "', '" + LName.Text + "')";
4.  
5. INSERT INTO Students VALUES ('Robert'); DROP TABLE Students; --', 'Derper')
6.  
7. INSERT INTO Students VALUES ( '$Name' )
8.  
9. INSERT INTO Students VALUES ( 'Robert' ); DROP TABLE STUDENTS; --' )
10.  
11. $query="SELECT * FROM users WHERE username='" . $_REQUEST['user'] . "' and (password='".$_REQUEST['pass']."')";
12. $result=mysql_query($query);
13.  
14. SELECT * FROM users WHERE username='peter' and (password='secret')
15.  
16. ' OR '1'='1
17.  
18. SELECT * FROM users WHERE username='peter' and (password='' OR '1'='1')
19.  
20. INSERT INTO 'students' ('first_name', 'last_name') VALUES ('$firstName', '$lastName');
21.  
22. INSERT INTO 'students' ('first_name', 'last_name') VALUES ('Robert'); DROP TABLE students; --', 'XKCD');
23.  
24. void createStudent(String name) {
25. database.execute("INSERT INTO students (name) VALUES ('" + name + "')");
26. }
27.  
28. INSERT INTO students (name) VALUES ('Robert'); DROP TABLE STUDENTS --')
29.  
30. Select *
31. From Students
32. Where (Name = '<NameGetsInsertedHere>')
33.  
34. Select *
35. From Students
36. Where (Name = 'Robert'); DROP TABLE STUDENTS; --')
37. -- ^-------------------------------^
38.  
39. sql = "SELECT * FROM STUDENTS WHERE (STUDENT_NAME = '" + student_name + "') AND other stuff";
40. execute(sql);
41.  
42. $sql = "INSERT INTO `Students` (FirstName, LastName) VALUES ('" . $fname . "', '" . $lname . "')";
43.  
44. Robert'); DROP TABLE STUDENTS; --
45.  
46. String query="Select * from student where username='"+student_name+"'";
47.  
48. statement.executeQuery(query); //Rest of the code follows
49.  
50. Select * from student where username='Robert'); DROP TABLE STUDENTS; --
51.  
52. Select * from student where username='Robert');
53.  
54. DROP TABLE STUDENTS; --