SQL INJECTION MariaDB/MySQL
In this video you will see how a SQL injection is done; it shows why characters must be validated in queries.
Example:
SELECT * FROM users WHERE name = 'usuario' or '1' = '1' AND password = 'usuario' or '1' = '1';
Check whether characters are escaped. CORRECT
Remember that the query requires two conditions to be true.
1 = 1 is always true.
link: https://demo.testfire.net/index.jsp