Quiz Entry - updated: 2026.06.20
What are the two main SQL injection techniques for data extraction?
WHERE-clause tampering (' OR 1=1--) widens which rows you get back; UNION queries graft on rows from a completely different table.
1. WHERE clause tampering:
- Modify the WHERE clause by adding
'OR 1=1-- - Access more data from the same table and columns
- Example: See all records instead of just your own
2. UNION query:
- Append results from another table
- Example:
SELECT NAME, DESCRIPTION, PRICE from PRODUCT
where NAME LIKE '%X' UNION ALL SELECT USERNAME, PASSWORD, 0 FROM USER --%'
- Returns usernames and passwords alongside product data