Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks

Ending / Commenting Out / Line Comments

Line Comments

Line comments are generally useful for ignoring the rest of the query, so you don't have to deal with fixing the syntax.

Line Comments Sample SQL Injection Attacks

SELECT * FROM members WHERE username = 'admin'--' AND password = 'password'

This is going to log you in as the admin user, because the rest of the SQL query will be ignored.

Inline comments comment out the rest of the query when they are left unclosed, or you can use them for bypassing blacklisting, removing spaces, obfuscating and determining database versions.

DR/**/OP/*bypass blacklisting*/sampletable

This is a special comment syntax for MySQL. It's perfect for detecting the MySQL version. If you put code into these comments, it is going to execute in MySQL only. You can also use this to execute some code only if the server version is higher than the supplied version.

Classical Inline Comment SQL Injection Attack Samples

Simply get rid of the other stuff at the end of the query.

SELECT /*!32302 1/0, */ 1 FROM tablename
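The members login query from the line comment sample, built once by string concatenation and once with bound parameters, as an added example that is not part of the original page. It assumes Python's sqlite3 module and a constructed in-memory members table; the function names and the stored password are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory SQLite database.
    # The password is stored in plain text only to mirror the page's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, password TEXT)")
    db.execute("INSERT INTO members VALUES ('admin', 's3cret-constructed')")
    return db

def login_concat(db, username, password):
    # Vulnerable form: input is pasted into the SQL text, so a quote
    # followed by "--" in the username turns the password check into
    # a comment that the database never evaluates.
    sql = ("SELECT username FROM members WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_param(db, username, password):
    # Hardened form: placeholders keep input as data. Quote and comment
    # characters are compared literally and never parsed as SQL.
    sql = "SELECT username FROM members WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    crafted = "admin'--"  # the username value from the sample query
    print("concatenated:", login_concat(db, crafted, "password"))
    print("parameterized:", login_param(db, crafted, "password"))
    print("parameterized, real credentials:",
          login_param(db, "admin", "s3cret-constructed"))
```

With bound parameters the comment marker is just part of a username that matches no row, so the password check always runs.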