Understanding the --+ operator in SQL

Post by 5ilic0n on Sun Apr 28, 2013 1:36 am

Alright, I'm just a beginner in SQL, but I need help understanding what's going on here.

So let's say we have this query:
qry = "INSERT INTO Students VALUES ('" + tbName.Text + "', " + tbSSN.Text + ")";

I assume that "+tbName.Text+" is making tbName.Text into a string because of adding the double quotes. Is that true? The single quotes are needed to actually insert a string into the db. If I'm wrong, just tell me so.

So I was reading about enumerating columns with the "order by" clause. I also read this following statement:
http://www.victim.com/index.php?id=10' order by 2--+

I've seen something like "order by 2--" but I haven't seen the plus before. Is it similar to what is happening in the insert query? If someone can show me some possible PHP code that would make 'order by 2--+ work, then I'd be grateful. I'm still confused about what the + is doing if -- comments everything.

-- Tue Apr 30, 2013 12:14 am --

Nevermind.

This was a silly question. According to the MySQL manual, a "--" comment cannot be followed by a control character, so a space is required. A "+" sign gets interpreted as a space by the URL, so the comment is valid.

:oops:
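Added example, not from the post or its author, with Python standing in for the PHP the poster asks about: it shows how a web server decodes `--+` into `-- ` (which satisfies MySQL's rule that the second dash be followed by whitespace), how the concatenation pattern from the post lets that decoded text change the statement, and how a bound parameter keeps the whole value as data. The `students` table, sqlite3 standing in for MySQL, and all function names are assumptions.

```python
import sqlite3
from urllib.parse import unquote_plus

# Constructed sample rows; not data from the post.
STUDENTS = [("10", "Alice", "111-22-3333"), ("11", "Bob", "444-55-6666")]


def decode_query_param(raw: str) -> str:
    """Decode a query-string value the way a web server does:
    '%xx' escapes are expanded and '+' becomes a space."""
    return unquote_plus(raw)


def mysql_dash_comment_is_valid(sql: str) -> bool:
    """Apply the MySQL manual's rule: '--' starts a comment only when the
    second dash is followed by whitespace or a control character.
    '--x' or a trailing "--'" is not a comment and leaves the statement broken."""
    idx = sql.find("--")
    if idx == -1:
        return False
    rest = sql[idx + 2:]
    return bool(rest) and (rest[0].isspace() or ord(rest[0]) < 32)


def build_query_unsafe(student_id: str) -> str:
    """The concatenation pattern from the post: the value is spliced into SQL text,
    so anything it contains is parsed as part of the statement."""
    return "SELECT id, name FROM students WHERE id = '" + student_id + "'"


def run_unsafe(conn: sqlite3.Connection, student_id: str) -> list:
    return conn.execute(build_query_unsafe(student_id)).fetchall()


def run_safe(conn: sqlite3.Connection, student_id: str) -> list:
    """Parameterized form: the driver binds the value separately, so the
    quote, ORDER BY and comment are matched literally against the id column."""
    return conn.execute(
        "SELECT id, name FROM students WHERE id = ?", (student_id,)
    ).fetchall()


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id TEXT, name TEXT, ssn TEXT)")
    conn.executemany("INSERT INTO students VALUES (?, ?, ?)", STUDENTS)
    return conn
```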