LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What are the two main SQL injection techniques for data extraction?

WHERE-clause tampering (' OR 1=1--) widens which rows you get back; UNION queries graft on rows from a completely different table.

1. WHERE clause tampering:

  • Modify the WHERE clause by adding 'OR 1=1--
  • Access more data from the same table and columns
  • Example: See all records instead of just your own

2. UNION query:

  • Append results from another table
  • Example:
SELECT NAME, DESCRIPTION, PRICE from PRODUCT
where NAME LIKE '%X' UNION ALL SELECT USERNAME, PASSWORD, 0 FROM USER --%'
  • Returns usernames and passwords alongside product data

From Quiz: SPRG / Input Validation & Output Encoding | Updated: Jun 20, 2026