I have a question about commenting out the SQL query.
The SQL query has this form: $query = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
So I try 1' or 1=1; # and I get all the users and passwords as I expected, but when I use -- for a comment instead of #, I get a syntax error. Why is that happening?
Can you explain how the SQL is formed in each case?
Also, I noticed that 1' or 1=1 # works too. Doesn't the # symbol comment out the ;?
As you can read in the MySQL manual:
In MySQL, the -- (double-dash) comment style requires the second dash to be followed by at least one whitespace or control character (such as a space, tab, newline, and so on)
When adding only -- to your input, there is no whitespace or control character following it. Your synthesized query would look like this:
SELECT first_name, last_name FROM users WHERE user_id = '1' or 1=1--';
As you can see, the double dash is immediately followed by a ;, which leads to a syntax error because it is not considered a comment.
Try putting in -- (with a trailing whitespace) at the end.
As for the ;: it is not necessary in a query issued to the server. It only serves to separate different statements, and with a single statement it is not required at all.
The mysql command line client does not send that character to the server but treats it as an "execution instruction".
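To make the answer concrete, here is an added example (not code from the question or the answer above) that applies the MySQL comment rules quoted in the answer to the synthesized query for each of the inputs discussed, reporting what the parser actually sees and whether a string literal is left open. It also shows the parameterized form of the same lookup, in which the input is bound as data. The scanner is a deliberate simplification of MySQL's lexer (single-quoted literals, # and -- comments only, no /* */ handling), the treatment of -- at the very end of input as a comment is an assumption about MySQL's lexer, and the users table rows are constructed sample data kept in an in-memory SQLite database so the block runs offline.

```python
"""Added example, not from the original question or answer: apply MySQL's
comment rules to the synthesized query and compare with a bound parameter."""
import sqlite3

# The vulnerable PHP template from the question, with $id spliced in verbatim.
TEMPLATE = "SELECT first_name, last_name FROM users WHERE user_id = '{id}';"


def synthesize(user_input: str) -> str:
    """Build the query exactly as the PHP string interpolation would."""
    return TEMPLATE.replace("{id}", user_input)


def _skip_to_eol(query: str, i: int) -> int:
    """Return the index of the next newline (a line comment ends there)."""
    j = query.find("\n", i)
    return len(query) if j == -1 else j


def effective_sql(query: str) -> tuple[str, bool]:
    """Return (text the parser actually sees, string_literal_left_open).

    Rules applied, following the MySQL manual quoted in the answer:
      * outside a string literal, '#' comments out the rest of the line;
      * outside a string literal, '--' does so only when the second dash is
        followed by whitespace or a control character (end of input is
        treated the same way here; assumption about MySQL's lexer);
      * inside a single-quoted literal, '' and backslash escapes are honoured.
    Only an unterminated literal is detected; other syntax errors are not.
    """
    out: list[str] = []
    in_str = False
    i, n = 0, len(query)
    while i < n:
        c = query[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:            # backslash escape: keep next char
                out.append(query[i + 1])
                i += 2
                continue
            if c == "'":
                if i + 1 < n and query[i + 1] == "'":   # '' is an escaped quote
                    out.append("'")
                    i += 2
                    continue
                in_str = False                     # literal closed
            i += 1
            continue
        if c == "'":
            in_str = True
        elif c == "#":
            i = _skip_to_eol(query, i)
            continue
        elif query.startswith("--", i):
            nxt = query[i + 2] if i + 2 < n else "\0"
            if nxt.isspace() or ord(nxt) < 0x20:
                i = _skip_to_eol(query, i)
                continue
            # Otherwise '--' is just two minus signs: fall through and keep them.
        out.append(c)
        i += 1
    return "".join(out).rstrip(), in_str


def analyze(user_input: str) -> dict:
    """Show what the server receives for one $id value and whether it parses."""
    query = synthesize(user_input)
    seen, open_literal = effective_sql(query)
    return {"synthesized": query, "seen": seen, "unterminated_literal": open_literal}


def lookup_safely(user_input: str) -> list[tuple[str, str]]:
    """The same lookup with a bound parameter: the input is data, never SQL.

    SQLite in memory with constructed rows so it runs offline; the binding
    principle is the same with MySQLi or PDO prepared statements.
    """
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("1", "Ada", "Lovelace"), ("2", "Alan", "Turing")])
    rows = con.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_input,)
    ).fetchall()
    con.close()
    return rows


if __name__ == "__main__":
    for value in ("42", "1' or 1=1; #", "1' or 1=1 #", "1' or 1=1--", "1' or 1=1-- "):
        result = analyze(value)
        print(repr(value))
        print("  server sees :", result["seen"])
        print("  open literal:", result["unterminated_literal"])
    print("bound parameter, id=1        :", lookup_safely("1"))
    print("bound parameter, id=1' or 1=1 #:", lookup_safely("1' or 1=1 #"))
```

Running it shows the difference the answer describes: with # or with -- followed by a space the trailing '; from the template is commented away and the literal count balances, while a bare -- is read as two minus signs, so the template's closing quote opens a new literal that never closes. With the bound parameter the whole input is compared as a single user_id value and matches nothing, which is the fix to apply in the PHP code rather than trying to filter comment characters.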