Fix code typo

元炜
2017-02-20 14:10:24 +08:00
parent 349b1fdc97
commit b99eff3c90
5 changed files with 5 additions and 5 deletions

@@ -32,7 +32,7 @@ If the user inputs a user name or password as:
Then our SQL becomes the following:
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
In SQL, anything after `--` is a comment. Thus, inserting the `--` as the attacker did above alters the query in a fatal way, allowing an attacker to successfully login as a user without a valid password.
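Review bot: The explanation after the changed SELECT line covers only the `--` comment and never says why `or 'foo' = 'foo'` matters, so a reader cannot see from this passage what makes the login succeed. Since this line is being touched anyway, consider adding a sentence that the OR condition is always true, so the WHERE clause matches regardless of the username, while the `--` removes the `AND password='xxx'` check. The commit message "Fix code typo" would also be easier to find later if it named the change, for example "Use SQL `=` instead of `==` in injection example".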