Merge pull request #792 from wuyuanwei/fix-code-typo

Fix code typo in SQL injection section
This commit is contained in:
astaxie
2017-02-25 11:30:58 +08:00
committed by GitHub
5 changed files with 5 additions and 5 deletions


@@ -32,7 +32,7 @@ If the user inputs a user name or password as:
Then our SQL becomes the following:
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
In SQL, anything after `--` is a comment. Thus, inserting the `--` as the attacker did above alters the query in a fatal way, allowing an attacker to successfully login as a user without a valid password.
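Review bot: the change from `'foo'=='foo'` to `'foo' = 'foo'` is more than a typo fix and the commit message should say so: `==` is not a comparison operator in standard SQL (or MySQL), so the old query text would have been a syntax error rather than the tautology the prose relies on; only a few dialects such as SQLite accept `==`. Two smaller documentation points in the same hunk: the trailing `--''` leaves a stray `''` after the comment marker (a single `--` followed by a space would match the sentence "anything after `--` is a comment"), and that sentence is itself dialect-specific, since MySQL only treats `--` as a comment start when it is followed by whitespace. Stating the target dialect once in the surrounding text would keep the example and the explanation consistent.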