SQL Injection Attack against escaping single quotes


I have been told that the method of escaping single quotes is easy to bypass in a SQL injection attack. For example, if I were to have the line:

username='admin' and password='$password'

where the user types in "$password", and any single quote they type gets replaced by a double quote, could you give me an example command that would break this? I know the backslash character ( \ ) is used to escape a character, but I'm not sure how it would work out still.
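
As an added example (not part of the original question, and not an answer from the page): the usual defence for a query like the one above is to stop escaping quotes altogether and bind the input as a parameter, so quote and backslash characters are only ever data. It assumes Python's `sqlite3` with an in-memory database; the table layout, the sample password and the function names are constructed for illustration, and the password is checked against a salted PBKDF2 hash instead of being compared inside the SQL.

```python
import hashlib
import hmac
import os
import sqlite3


def _hash(password, salt):
    # Salted, slow hash so the table never holds the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(db, username, password):
    salt = os.urandom(16)
    # "?" placeholders: the driver binds the values; they are never spliced
    # into the SQL text, so no quote escaping is needed or performed.
    db.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, _hash(password, salt)),
    )


def make_db():
    """Build an in-memory table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)"
    )
    # Constructed password that legitimately contains quotes and a backslash.
    add_user(db, "admin", "it's\\a 'secret'")
    return db


def check_login(db, username, password):
    """Return True only when the supplied password matches the stored hash."""
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(stored, _hash(password, salt))


if __name__ == "__main__":
    db = make_db()
    print(check_login(db, "admin", "it's\\a 'secret'"))
    print(check_login(db, "admin", "wrong 'guess'"))
```

Because the statement text is fixed and only the bound values vary, the result does not depend on which characters a particular database treats as escapes.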
