A3:2021 | SQL Injection Advanced (2) | Cycubix Docs

/* */          are inline comments
-- , #          are line comments

Example: SELECT * FROM users WHERE name = 'admin' -- AND pass = 'pass'

;        allows query chaining

Example: SELECT * FROM users; DROP TABLE users;

',+,||         allows string concatenation
Char()         strings without quotes

Example: SELECT * FROM users WHERE name = '+char(27) OR 1=1

The Union operator is used, to combine the results of two or more SELECT Statements.

Rules to keep in mind, when working with a UNION:

The number of columns selected in each statement must be the same.
The datatype of the first column in the first SELECT statement, must match the datatype of the first column in the second (third, fourth, …) SELECT Statement. The Same applies to all other columns.

SELECT first_name FROM user_system_data UNION SELECT login_count FROM user_data;

The UNION ALL Syntax also allows duplicate Values.

The Join operator is used to combine rows from two or more tables, based on a related column

SELECT * FROM user_data INNER JOIN user_data_tan ON user_data.userid=user_data_tan.userid;

For more detailed information about JOINS visit: https://www.w3schools.com/sql/sql_join.asp

Last updated 1 year ago

Was this helpful?