A savvy attacker, however, may enter ‘ OR Name LIKE ‘%, which would give us the following SQL statement: SELECT * FROM city WHERE Name = ” OR Name LIKE ‘%’;.

Comments are closed.