SQL injection on INSERT
Injection can happen on any SQL statement that is not run properly. For example, let's pretend your comment table has two fields, an integer ID and the comment string. So you'd INSERT as follows:

INSERT INTO COMMENTS VALUES(122,'I like this website');

Consider someone entering the following comment:

'); DELETE FROM users; --

If you just put the …
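
The INSERT case above as an added example (not code from the original page): a Python sqlite3 script that sends the page's comment through a concatenated INSERT and through a parameterized one. The users table contents, the function names and the use of executescript() to stand in for a driver that accepts several statements per call are assumptions.

```python
import sqlite3

# Constructed sample input: the comment string quoted on the page.
PAYLOAD = "'); DELETE FROM users; --"


def make_db():
    """In-memory database with the page's comments table and a users table (schema assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE comments (id INTEGER, comment TEXT);"
        "CREATE TABLE users (name TEXT);"
        "INSERT INTO users VALUES ('alice'), ('bob');"
    )
    return db


def insert_concatenated(db, comment_id, text):
    """Vulnerable: the comment is pasted into the SQL text, so its quote ends the literal."""
    sql = "INSERT INTO comments VALUES(%d,'%s');" % (comment_id, text)
    # Assumption: executescript() stands in for a driver that runs several statements per call.
    db.executescript(sql)
    return sql


def insert_parameterized(db, comment_id, text):
    """Hardened: the statement text is fixed; the comment travels as a bound value."""
    db.execute("INSERT INTO comments VALUES(?, ?)", (comment_id, text))
    db.commit()


def count(db, table):
    # The table name is a fixed literal supplied by this script, never user input.
    return db.execute("SELECT COUNT(*) FROM %s" % table).fetchone()[0]


def demo():
    weak, safe = make_db(), make_db()
    sql = insert_concatenated(weak, 122, PAYLOAD)
    insert_parameterized(safe, 122, PAYLOAD)
    stored = safe.execute("SELECT comment FROM comments").fetchone()[0]
    return sql, count(weak, "users"), count(safe, "users"), stored


if __name__ == "__main__":
    print(demo())
```

With the bound parameter the whole comment, quote included, is stored as data in the comment column and the users table is untouched.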