- or download this
SELECT email, passwd, login_id, full_name FROM members WHERE email = '
+$email';
x'; UPDATE members SET email = 'steve@unixwiz.net' WHERE email = 'bob@
+example.com
SELECT email, passwd, login_id, full_name FROM members WHERE email = '
+x'; UPDATE members SET email = 'steve@unixwiz.net' WHERE email = 'bob
+@example.com';
- or download this
my $sth = $dbh->do ("select * from users; drop database screwme;" );
- or download this
my $sth = $dbh->prepare ("select * from users; drop database screwme;"
+ );
$sth->execute();
- or download this
DBD::mysql::db do failed: You have an error in your SQL syntax. Check
+the manual that corresponds to your MySQL server version for the righ
+t syntax to use near '; drop database screwme' at line 1...
- or download this
# ...load the DBI and connect to your database first
...
while ( my @row = $sth->fetchrow_array() ) { print join("-",@row) , "<
+br>"; } # instead of the form, weīre lazy, arenīt we? Thatīs good!
- or download this
5' or 1='1
- or download this
select username, password from users where sid=' 5' or 1='1 ';
- or download this
5' or 1=1 LIMIT 1,'1
- or download this
5' or 1=1 HAVING username<'c
- or download this
my $sth = $dbh->prepare ("select username, password from users where s
+id='$input';" );
- or download this
sid= ' $input '
- or download this
my $sth = $dbh->prepare ("select username, password from users where s
+id='?';" );
my $affected = $sth->execute ( $input );
- or download this
$input =~ /'/\\'/g;