ModSecurity Test

 

 


[Case 1] -- injection

 

Code

$query = "SELECT * FROM products WHERE category_id = $category AND released = 1";

When $category is "1--", the "--" starts a SQL comment, so the condition "released = 1" is ignored.

 


[Case 2] ' injection

 

Code

$query = "SELECT * FROM products WHERE category_id = '$category' AND released = 1";

When "$category=' OR 1=1", the condition "released = 1" is ignored.

 


[Case 3] OR 1=1

 

Code

"SELECT * FROM Users WHERE UserId = " + UserId;

When "UserId=1 OR 1=1", every user is selected.

 


[Case 4] " OR ""="

 

Code

sql ='SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'

uName:

uPass: " OR ""="

SELECT * FROM Users WHERE Name ="" AND Pass ="" OR ""=""

... AND ... OR TRUE

So the entire Users table is returned.
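The following is an added example, not code from the original page: it runs the Case 1 query against an in-memory SQLite database (standing in for the page's database) with a normal value, the Case 1 input and the Case 3 input, and compares string concatenation with a bound parameter. The table rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows: (id, category_id, released)
ROWS = [(1, 1, 1), (2, 1, 0), (3, 2, 1), (4, 2, 0)]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, category_id INTEGER, released INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", ROWS)
    return db

def vulnerable(db, category):
    # Same construction as Case 1: the input is pasted into the SQL text.
    query = f"SELECT id FROM products WHERE category_id = {category} AND released = 1"
    return sorted(row[0] for row in db.execute(query))

def parameterized(db, category):
    # The input is bound as a value and is never parsed as SQL.
    query = "SELECT id FROM products WHERE category_id = ? AND released = 1"
    return sorted(row[0] for row in db.execute(query, (category,)))

def compare(inputs=("1", "1--", "1 OR 1=1")):
    # Returns {input: (rows from concatenated query, rows from bound query)}.
    db = make_db()
    return {value: (vulnerable(db, value), parameterized(db, value)) for value in inputs}

if __name__ == "__main__":
    for value, (unsafe, safe) in compare().items():
        print(f"{value!r:12} concatenated={unsafe} parameterized={safe}")
```

With concatenation, "1--" returns the unreleased product in category 1, and "1 OR 1=1" also returns a released product from another category; with the bound parameter both inputs match no rows.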

 


 

 

 
