It is possible for a hacker to enter the following seemingly innocuous text into the UserName textbox to gain entry to the system without having to know a valid user name and password:
' Or 1=1 --
The hacker breaks into the system by injecting malformed SQL into the query. This particular hack works because...
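The two halves of this bug, as an added example that is not from the original post: the query built by pasting the form fields into the SQL text, beside the parameterized form that stops the trick. The sample users table, the column names and the cleartext passwords are constructed for the demonstration only; a real login would compare a password hash.

```python
import sqlite3

# Constructed sample data: a minimal users table for the demonstration.
# Passwords are stored in cleartext only to keep the example short.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory SQLite database holding the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The flawed pattern: form fields are concatenated into the SQL text,
    so a quote closes the literal and '--' comments out the password check."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """The fix: placeholders. The driver sends the values separately from
    the SQL text, so quotes and comment markers are plain characters."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "' Or 1=1 --", ""))  # every user: check bypassed
    print(login_safe(db, "' Or 1=1 --", ""))        # []: no such user name
    print(login_safe(db, "alice", "s3cret"))         # ['alice']
```

The vulnerable function returns every row for the UserName value shown above because the text the database actually parses is `... WHERE username = '' Or 1=1 --' AND password = ''`; the parameterized function returns nothing because it looks for a user literally named `' Or 1=1 --`.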
All SQL
SQL Database Injection, Cross-Site Scripting, RFI, and LFI
In SQL: first SELECT, then UPDATE or DELETE
My notes and sample code from experimenting with and cleaning up data.
Always run a select statement before running an update or delete.
Note: The phpMyAdmin tool, which is very valuable, adds "limit 0,30" to the end of most SELECT statements, so don't be tricked into thinking you have been shown all the selected records. You can...
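The "SELECT first, then DELETE" habit turned into a guard, as an added example that is not from the original post: the function counts the rows matching the WHERE clause with no LIMIT (so it is not fooled the way a browse view is), and only runs the DELETE, inside a transaction, when that count matches the number the operator expected. The contacts table and its rows are constructed; the WHERE clause is written by the operator, so only its parameters come from outside.

```python
import sqlite3

# Constructed sample data: contacts, two of which have an empty email.
SAMPLE_ROWS = [("alice", "alice@example.test"), ("bob", ""),
               ("carol", "carol@example.test"), ("dave", "")]


def make_db():
    """Build an in-memory SQLite database holding the constructed contacts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO contacts VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def count_rows(conn):
    """Total rows currently in the table."""
    return conn.execute("SELECT COUNT(*) FROM contacts").fetchone()[0]


def preview_then_delete(conn, where_sql, params, expected):
    """Count the rows the DELETE would remove, then delete only if the count
    is the one the operator expected. Returns (matched, deleted).

    where_sql is operator-written SQL (never user input); values go in params.
    """
    # Unbounded SELECT: no LIMIT is appended, so the count covers every row.
    (matched,) = conn.execute(
        "SELECT COUNT(*) FROM contacts WHERE " + where_sql, params).fetchone()
    if matched != expected:
        return matched, 0  # stop: the WHERE clause matches more or fewer rows
    with conn:  # transaction: committed on success, rolled back on error
        cur = conn.execute("DELETE FROM contacts WHERE " + where_sql, params)
    return matched, cur.rowcount


if __name__ == "__main__":
    db = make_db()
    print(preview_then_delete(db, "email = ?", ("",), expected=1))  # (2, 0): refused
    print(preview_then_delete(db, "email = ?", ("",), expected=2))  # (2, 2): done
    print(count_rows(db))                                            # 2
```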
SQL: from WHERE to HAVING
WHERE filters results before they are grouped.
HAVING filters results after they are grouped.
correct:
count players by team:
SELECT COUNT(*) count, plheight_ft
FROM ALplayers
WHERE plheight_ft = 6
GROUP BY plheight_ft
ORDER BY count ...
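The WHERE/HAVING distinction run against a small constructed roster, as an added example that is not from the original post. It keeps the page's table and column names (ALplayers, plheight_ft) and adds a plname and plteam column of my own; ordering the first query by the count alias is my choice, since the page's query is cut off there. The third function shows why HAVING exists: an aggregate in WHERE is rejected because WHERE runs before any group has been formed.

```python
import sqlite3

# Constructed roster: (player, team, height in feet). plname and plteam are
# assumed column names; ALplayers and plheight_ft come from the page.
SAMPLE_PLAYERS = [
    ("Ann", "Hawks", 6), ("Ben", "Hawks", 5), ("Cal", "Owls", 6),
    ("Dee", "Owls", 6), ("Eli", "Ravens", 7),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed roster."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ALplayers "
                 "(plname TEXT, plteam TEXT, plheight_ft INTEGER)")
    conn.executemany("INSERT INTO ALplayers VALUES (?, ?, ?)", SAMPLE_PLAYERS)
    return conn


def count_by_height(conn, height_ft):
    """WHERE: rows are filtered first, then the survivors are grouped."""
    return conn.execute(
        "SELECT COUNT(*) AS count, plheight_ft FROM ALplayers "
        "WHERE plheight_ft = ? GROUP BY plheight_ft ORDER BY count",
        (height_ft,)).fetchall()


def teams_with_at_least(conn, min_players):
    """HAVING: rows are grouped first, then groups are filtered on the
    aggregate, a value that does not exist yet when WHERE runs."""
    return conn.execute(
        "SELECT plteam, COUNT(*) AS count FROM ALplayers "
        "GROUP BY plteam HAVING COUNT(*) >= ? ORDER BY plteam",
        (min_players,)).fetchall()


def where_on_aggregate_error(conn):
    """The common mistake: COUNT(*) in WHERE. Returns the engine's error text."""
    try:
        conn.execute("SELECT plteam FROM ALplayers "
                     "WHERE COUNT(*) >= 2 GROUP BY plteam")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    db = make_db()
    print(count_by_height(db, 6))       # [(3, 6)]
    print(teams_with_at_least(db, 2))   # [('Hawks', 2), ('Owls', 2)]
    print(where_on_aggregate_error(db))  # SQLite rejects the aggregate in WHERE
```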