
What does /* in SQL mean?

Tags:

php

mysql

I have seen a piece of SQL injection example code like the one below. What does the '/*' in SQL mean?

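// Simulated attacker input: bytes 0xbf 0x27 followed by SQL text ending in /*
$_POST['username'] = chr(0xbf) . chr(0x27) . ' OR username = username /*';
$_POST['password'] = 'guess';

// addslashes() escapes byte by byte, with no knowledge of the connection charset
$mysql['username'] = addslashes($_POST['username']);
$mysql['password'] = addslashes($_POST['password']);

// The escaped values are interpolated directly into the query string
$sql = "SELECT * FROM users WHERE username = '{$mysql['username']}' AND password = '{$mysql['password']}'";
$result = $db->query($sql);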

xdazz asked Aug 15 '11 05:08


1 Answer

/* is the beginning of a comment. */ ends the comment. The attacker is trying to comment out the remainder of the query.

Asaph answered Sep 18 '22 15:09
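
Why the `/*` gets a chance to act as a comment in the question's code, and a parameterized form where it cannot, as an added example that is not part of the original question or answer. It assumes PHP with the mbstring and pdo_sqlite extensions; the in-memory SQLite table and its row are constructed stand-ins for the MySQL `users` table.

```php
<?php
// Added example, not code from the page. Constructed input: the same bytes
// the question places in $_POST['username'].
$username = chr(0xbf) . chr(0x27) . ' OR username = username /*';
$password = 'guess';

// 1. addslashes() is byte-oriented: it puts 0x5c in front of the 0x27
//    without knowing which character set the database connection uses.
$escaped = addslashes($username);
echo "first bytes after addslashes: ", bin2hex(substr($escaped, 0, 3)), "\n";

// 2. Read as GBK (CP936), 0xbf 0x5c is a single two-byte character, so the
//    inserted backslash is absorbed and the 0x27 is a bare quote again.
echo "same bytes read as GBK: ",
     mb_convert_encoding($escaped, 'UTF-8', 'CP936'), "\n";

// 3. In the query text built as in the question, everything from "/*" on
//    (the password condition) is what the input tries to turn into a comment.
$sql = "SELECT * FROM users WHERE username = '{$escaped}' AND password = '"
     . addslashes($password) . "'";
echo "text from the comment opener on: ", substr($sql, strpos($sql, '/*')), "\n";

// 4. Hardened form: placeholders keep the input out of the SQL text, so the
//    quote and the "/*" are only data to compare against.
//    Assumption: SQLite in memory stands in for MySQL here. On MySQL, also
//    declare the charset in the PDO DSN (charset=...) and set
//    PDO::ATTR_EMULATE_PREPARES to false so the server binds the values.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'constructed-sample')");

$stmt = $db->prepare(
    'SELECT COUNT(*) FROM users WHERE username = ? AND password = ?'
);
$stmt->execute([$username, $password]);
echo "rows matched with bound parameters: ", $stmt->fetchColumn(), "\n";
```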