Fixed column name on sql injection lesson 7
maduck authored and nbaars committed May 29, 2018
1 parent 9a0995d commit 9587550
Showing 1 changed file with 3 additions and 3 deletions.
@@ -2,8 +2,8 @@

The query in the code builds a dynamic query as seen in the previous example. The query in the code builds a dynamic query by concatenating a number making it susceptible to Numeric SQL injection:

-------------------------------------------------------
"select * from users where employee_id = " + userID;
-------------------------------------------------------
--------------------------------------------------
"select * from users where USERID = " + userID;
--------------------------------------------------

Using the form below try to retrieve all the users from the users table. You shouldn't need to know any specific user name to get the complete list, however you can use '101' to see the data for one user.
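Review bot: In the updated listing the column name `USERID` and the concatenated variable `userID` now differ only by case, so a reader can easily take them for the same thing. Consider adding a short sentence after the listing saying that `USERID` is the table column and `userID` is the value taken from the form, since that distinction is what makes the concatenation injectable. While this text is being touched, the paragraph above the listing also opens with "The query in the code builds a dynamic query" twice in a row; the two sentences could be merged into one.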
