Slacker News Slacker News logo featuring a lazy sloth with a folded newspaper hat
  • top
  • new
  • show
  • ask
  • jobs
Library
← Back to context

Comment by wglb

2 months ago

Injections don't always need ''. The statements

  1=1

and

  1=0

if injected into a query will give different answers if SQLI exists.

There are MANY other tricks that don't involve ''.

Besides, consider the number of valid queries done by the application that involve '*'. You are not going to turn that off.

0 comments

wglb

Reply

No comments yet

Contribute on Hacker News ↗

Slacker News

Product

  • API Reference
  • Hacker News RSS
  • Source on GitHub

Community

  • Support Ukraine
  • Equal Justice Initiative
  • GiveWell Charities