Look at the following SQL query.
SELECT * FROM product WHERE PCategory='computers' or 1=1--'
What will it return? Select the best answer.
A. All computers and all 1’s
B. All computers
C. All computers and everything else
D. Everything except computers
Explanation:
The 1=1 tells the SQL database to return everything; a simplified statement would be SELECT *
FROM product WHERE 1=1 (which will always be true for all rows). Thus, this query will return
all computers and everything else. The or 1=1 is a common test to see if a web application is
vulnerable to a SQL attack.
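
The behaviour described in the explanation, as an added example that is not part of the original question: the same lookup built by string concatenation and with a bound parameter. It assumes an in-memory SQLite database; the id and PName columns, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and PCategory column follow the quiz query.
ROWS = [
    (1, "laptop", "computers"),
    (2, "desktop", "computers"),
    (3, "handset", "phones"),
    (4, "inkjet", "printers"),
]


def make_db():
    """Create an in-memory product table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER, PName TEXT, PCategory TEXT)")
    conn.executemany("INSERT INTO product VALUES (?, ?, ?)", ROWS)
    return conn


def vulnerable_lookup(conn, category):
    """Paste the input into the SQL text: a quote in it closes the literal."""
    sql = "SELECT * FROM product WHERE PCategory='" + category + "'"
    return sql, conn.execute(sql).fetchall()


def safe_lookup(conn, category):
    """Bind the input as a value: it is compared, never parsed as SQL."""
    sql = "SELECT * FROM product WHERE PCategory=?"
    return conn.execute(sql, (category,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    user_input = "computers' or 1=1--"  # the input that yields the quiz query

    sql, rows = vulnerable_lookup(conn, user_input)
    print("query sent :", sql)
    print("concatenated:", len(rows), "rows (whole table)")

    # With binding, the whole string is treated as a category name.
    print("bound       :", len(safe_lookup(conn, user_input)), "rows")
    print("bound, plain:", len(safe_lookup(conn, "computers")), "rows")
```

The concatenated form returns every row because the WHERE clause is true for each one, while the bound form looks for a category literally named `computers' or 1=1--` and finds none.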