SQL Injection in UPDATE query

[spliter]

I have been studying MySQL INjections and Ive been wondering, how would a hacker take advantage of an UPDATE query and execute malicious codes? Most of the articles Ive read around here are all done in SELECT query but never in other queries.

THANKS!!

[mischief]

http://marc.info/?l=bugtraq&m=111885974124936&w=2

if you read there you can see that someone could insert a rating of their own into the mambo CMS voting system. so, for example, if you were playing a game that used SQL statements that were invalidated and injectable by the user, for example the bonus given to skills when you level up, you could increase your levels several times instead of just one, or however many points it increases.

[spliter]

hmm, but then one could only edit the value of the columns that are already selected in the query? For example is a hacker able to use a query like "UPDATE people SET name='blah' WHERE age='".$age."'" to update, select, or delete a column located in another table?