12 lines
650 B
Plaintext
12 lines
650 B
Plaintext
== Try It! Numeric SQL injection
|
|
|
|
The query in the code builds a dynamic query as seen in the previous example. The query in the code builds a dynamic query by concatenating a number making it susceptible to Numeric SQL injection:
|
|
|
|
--------------------------------------------------
|
|
"SELECT * FROM user_data WHERE login_count = " + Login_Count + " AND userid = " + User_ID;
|
|
--------------------------------------------------
|
|
|
|
Using the two Input Fields below, try to retrieve all the data from the users table.
|
|
|
|
Warning: Only one of these fields is susceptible to SQL Injection. You need to find out which, to successfully retrieve all the data.
|