What is SQL Injection?
Amit Singh
28-Mar-2011
The Test Data Inputs are:
1) ' (Single quote)
2) '1'='1
3) We can pass the same inputs as a query in the form of SELECT * FROM users WHERE name = '' OR '1'='1';
(if the text field accepts that many characters)
4) statement = "SELECT * FROM users WHERE name = '" + userName + "';"
Before trying to pass those inputs, as a security tester try to catch the table name and attributes (fields); if so, you can play with refined data attributes and find out more security issues by SQL Injection.
First try to catch them in the order Database Name -> Table Name -> Attributes -> Data Types.
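
The concatenated statement from item 4 next to a parameterized version, run against the test inputs listed in the answer. This is an added example, not part of the original answer; it assumes an in-memory SQLite database with constructed rows, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    """Build a throwaway database; the rows are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn

def lookup_concatenated(conn, user_name):
    """Item 4's pattern: the input is spliced into the SQL text (vulnerable)."""
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return conn.execute(statement).fetchall()

def lookup_parameterized(conn, user_name):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT * FROM users WHERE name = ?", (user_name,)
    ).fetchall()

def classify(conn, user_name):
    """Run one test input through both forms; report row count or error type."""
    result = {}
    for label, fn in (("concatenated", lookup_concatenated),
                      ("parameterized", lookup_parameterized)):
        try:
            result[label] = len(fn(conn, user_name))
        except sqlite3.Error as exc:
            result[label] = "error: " + type(exc).__name__
    return result

if __name__ == "__main__":
    conn = make_db()
    # A normal name, then test inputs 1 and 3 from the answer.
    for test_input in ["alice", "'", "' OR '1'='1"]:
        print(repr(test_input), classify(conn, test_input))
```

A database error on the single quote, or every row coming back for the third input, marks the field as injectable; with bound parameters both inputs are treated as ordinary names and match nothing.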