I have seen a piece of sql injection example code like below, what does the '/*' in sql means?
$_POST['username'] = chr(0xbf) . chr(0x27) . '开发者_如何转开发 OR username = username /*';
$_POST['password'] = 'guess';
$mysql['username'] = addslashes($_POST['username']);
$mysql['password'] = addslashes($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '{$mysql['username']}' AND password = '{$mysql['password']}'";
$result = $db->query($sql);
/* is the beginning of a comment. */ ends the comment. The attacker is trying to comment out the remainder of the query.
/* begins a comment, so everything after that is ignored until a */ is encountered
Your attacker introduced an open comment, thereby nullifying the effect of the password check
/* means a start of a multiline comment
For example:
/*
CREATE PROC A_SAMPLE_PROC
BEGIN
AS
SELECT * FROM A_SAMPLE_TABLE
END
*/
while -- means single line comment. Keyboard shortcut for commenting in MS SQL Server Studio is Ctrl + K, Ctrl + C
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论