Revision as of 16:07, 29 October 2012 edit 98.221.101.39 (talk) Fixed syntax errors in sql injection code. ← Previous edit		Revision as of 16:08, 29 October 2012 edit undo 98.221.101.39 (talk) Fixed var name $id Next edit →
Line 139: query = "SELECT x, y, z FROM Table WHERE id='$id' " </source> If ''$id'' is replaced with ''"'; DELETE FROM Table; SELECT * FROM Table WHERE id='"'', executing this query will wipe out all the data on the local machine. == See also ==

String interpolation: Difference between revisions