Penetration Testing mailing list archives
Re: SQL injection question
From: ".Saphyr" <saphyr () infomaniak ch>
Date: Thu, 22 Jan 2004 09:07:12 +0100
: i tried to use %20, \20 etc.. but it don't seems to : work If your target is a mssql server, if you need spaces into your string requests you can still use the SPACE function: SELECT * FROM users WHERE username = 'John'+SPACE(2)+'McLane' What do you precisely need spaces for ? Did you try simply using the '+' sign ? .merlin --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: SQL Injection question, (continued)
- Re: SQL Injection question Adam Tuliper (Jan 05)
- Reverse Engineering thoughts n30 (Jan 07)
- Re: Reverse Engineering thoughts Riad S. Wahby (Jan 07)
- Re: Reverse Engineering thoughts johnny cyberpunk (Jan 07)
- RE: Reverse Engineering thoughts Brett Moore (Jan 07)
- Re: Reverse Engineering thoughts Adam Tuliper (Jan 07)
- RE: SQL Injection question Tibor Biro (Jan 05)
- RE: SQL Injection question Lachniet, Mark (Jan 05)
- RE: SQL Injection question Scovetta, Michael V (Jan 05)
- SQL injection question John (Jan 21)
- Re: SQL injection question .Saphyr (Jan 22)