[–] NassTee 0 points 2 points (+2|-0) ago 

The -- makes anything after it into a comment which is ignored by the database. This prevents the remainder of the original command from making the whole thing invalid.

[–] Naked_Dave 0 points 1 points (+1|-0) ago 

Gotcha, so I guess it's a dev's job to account for such input. Security and hacking seem very interesting but it seems to me you need to have a lot more knowledge of CS than what it takes to do basic QA and programming.

[–] fedevela [S] 0 points 1 points (+1|-0) ago 

If you use an ORM like Sequelize, it covers your ass from these injections.
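
What the database sees in the case discussed in this thread, as an added example that is not any commenter's code: a query built by string concatenation next to the same query with bound parameters. It uses Python's built-in sqlite3 with a constructed `users` table; the table, columns, sample rows and function names are all assumptions made for illustration, and the bound-parameter version shows the general mechanism rather than Sequelize itself.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, active INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "s3cret", 1), ("bob", "hunter2", 0)])
    return db

def build_concatenated(name, password):
    """Vulnerable: user input becomes part of the SQL text."""
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "' AND active = 1")

def login_concatenated(db, name, password):
    return db.execute(build_concatenated(name, password)).fetchall()

def login_parameterized(db, name, password):
    """Hardened: placeholders keep input as data, never as SQL syntax."""
    sql = ("SELECT name FROM users "
           "WHERE name = ? AND password = ? AND active = 1")
    return db.execute(sql, (name, password)).fetchall()

def attempt(login, db, name, password):
    """Return the matching rows, or 'syntax error' if the SQL was invalid."""
    try:
        return login(db, name, password)
    except sqlite3.OperationalError:
        return "syntax error"

if __name__ == "__main__":
    db = make_db()
    # A stray quote alone leaves the rest of the statement malformed.
    print(build_concatenated("bob'", "wrong"))
    print(attempt(login_concatenated, db, "bob'", "wrong"))
    # With -- the password and active checks become a comment.
    print(build_concatenated("bob' --", "wrong"))
    print(attempt(login_concatenated, db, "bob' --", "wrong"))
    # Bound parameters: the same input is just an unusual name.
    print(attempt(login_parameterized, db, "bob' --", "wrong"))
    print(attempt(login_parameterized, db, "alice", "s3cret"))
```
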