MariaDB - SQL Injection on insert

0 votes
1 answer
376 views
There is a table named `queries` in my dummy database which has name, email, phone, message, and region. There is a contact form in the UI which directly inserts the data into the `queries` table without validating or sanitizing anything.

So I was performing some SQL injection on the form by adding `a','b','c','d','e'); DELETE FROM users; --` to one of the fields, but it is not successful and I am getting the error below:

**Error:-**
Error: INSERT INTO queries (name,email,phone,message,region) VALUES('a','b','c','d','e'); DELETE FROM users; --','sdas','1234567890','fsfdsf','home')
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'DELETE FROM users; --','sdas','1234567890','fsfdsf','home')' at line 1
**UI - Contact form**

The SQL query in the error message seems okay to me and I couldn't understand why it is giving the syntax error. Maybe because the query is followed by a comment? Could someone please have a look and help me if I am missing anything? Thank you.
Asked by Arpit Jain (103 rep)
Jul 2, 2023, 07:45 AM
Last activity: Jul 3, 2023, 02:51 AM
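
The unsanitized insert described in the question, next to a parameterized version, as an added example that is not part of the original post. It assumes Python's built-in `sqlite3` as an offline stand-in for MariaDB; the function names and the `users` row are constructed for illustration.

```python
import sqlite3

# Value typed into the name field, as quoted in the question.
PAYLOAD = "a','b','c','d','e'); DELETE FROM users; --"

def build_insert_unsafe(values):
    """The 'before': form values are pasted straight into the SQL text."""
    quoted = ",".join("'" + v + "'" for v in values)
    return ("INSERT INTO queries (name,email,phone,message,region) "
            "VALUES(" + quoted + ")")

def insert_parameterized(conn, values):
    """The 'after': constant SQL text, values sent as bound parameters."""
    conn.execute(
        "INSERT INTO queries (name,email,phone,message,region) "
        "VALUES (?,?,?,?,?)",
        values,
    )

def demo():
    # sqlite3 in memory is an assumed stand-in for the MariaDB server.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE queries (name, email, phone, message, region)")
    conn.execute("CREATE TABLE users (username)")
    conn.execute("INSERT INTO users VALUES ('constructed-user')")
    form = (PAYLOAD, "sdas", "1234567890", "fsfdsf", "home")

    # String building lets the field value close VALUES(...) and append text.
    unsafe_sql = build_insert_unsafe(form)
    try:
        conn.execute(unsafe_sql)
        unsafe_outcome = "executed"
    except (sqlite3.Warning, sqlite3.Error):
        # sqlite3's execute() takes one statement per call. That is driver
        # behaviour, not input handling, so it is no substitute for the fix.
        unsafe_outcome = "rejected"

    # With bound parameters the same value is stored as an ordinary string.
    insert_parameterized(conn, form)
    stored = conn.execute("SELECT name, region FROM queries").fetchall()
    users = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return unsafe_sql, unsafe_outcome, stored, users

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The string-built statement is character for character the one shown in the error message, while the parameterized call stores the whole field value in `name` and leaves `users` untouched.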