Menu
How can i able to update a table in a MySQL database using SQL Injection?
I have heard about how we can enter the query in the address bar and it is possible to update a table in the MySQL database. But I am not sure about it.
Kindly give me an idea professionals...
501
Open the database that contains the records you want to update. On the Create tab, in the Queries group, click Query Design. Click the Tables tab. Select the table or tables that contain the records that you want to update, click Add, and then click Close.
ALTER Command: ALTER is used to update the structure of the table in the database (like add, delete, modify the attributes of the tables in the database).
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
You may want to try entering Robert'); DROP TABLE students; -- in your form :)
In the above xkcd cartoon, Bobby was probably asked to fill in his name in a form, but he mischievously inserted Robert'); DROP TABLE students; -- as his name. Now imagine if that input was used in this query:
SELECT * FROM students WHERE name = '$input'
As you can see, if we substitute $input for what Bobby entered, you'll get this
SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'
Which are two very valid SQL commands, and a comment.
You may also want to research earlier Stack Overflow questions on SQL Injection.
162
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
