It is MySQL's version of the line comment delimiter. In standard SQL, the line comment delimiter is --.
-- This is a standard SQL comment.
# This is a MySQL comment.
So in the context of SQL injection, if the attacker knows you're using MySQL, they may use it to abruptly terminate the injected SQL statement, causing MySQL to ignore whatever comes after the # and execute only what comes before it. This is only effective against single-line SQL statements, however, because a # comment ends at the next line break. Here's an example:
Input:
Username: fake' OR 1#
Password: pass
Resultant SQL:
SELECT * FROM users WHERE username = 'fake' OR 1#' AND password = 'pass'
MySQL executes this as the following statement, which returns every row:
SELECT * FROM users WHERE username = 'fake' OR 1
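To make the truncation concrete from the defender's side, here is an added Python example (not part of the original answer) that reproduces the vulnerable string concatenation, computes the statement MySQL would actually parse once everything after an unquoted # is dropped, and contrasts it with a parameterized query. It assumes a users table with username and password columns and uses an in-memory sqlite3 database as a stand-in for MySQL for the parameter-binding part (MySQL drivers use %s placeholders instead of ?, but the principle is identical).

```python
import sqlite3

def strip_mysql_line_comments(sql: str) -> str:
    """Return what MySQL parses: text from an unquoted '#' to end of line is dropped.
    Simplified quote tracking ('...' and "..." with doubled quotes, no backslashes)."""
    out, quote, i = [], None, 0
    while i < len(sql):
        c = sql[i]
        if quote:                          # inside a string literal: '#' is data
            out.append(c)
            if c == quote:
                if sql[i + 1:i + 2] == quote:   # doubled quote, still inside literal
                    out.append(quote)
                    i += 1
                else:
                    quote = None
        elif c in ("'", '"'):
            quote = c
            out.append(c)
        elif c == "#":                     # unquoted: comment runs to end of line
            nl = sql.find("\n", i)
            if nl == -1:
                break
            i = nl
            continue
        else:
            out.append(c)
        i += 1
    return "".join(out).rstrip()

def vulnerable_query(username: str, password: str) -> str:
    # The flaw from the answer: untrusted input pasted straight into the SQL text.
    return (f"SELECT * FROM users WHERE username = '{username}' "
            f"AND password = '{password}'")

def make_demo_db() -> sqlite3.Connection:
    # Constructed sample data; sqlite3 stands in for MySQL (assumption) for binding.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn

def safe_lookup(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Placeholders send the values separately from the SQL text, so a '#' in the
    # username is compared as data and never reaches the parser as a comment.
    cur = conn.execute("SELECT * FROM users WHERE username = ? AND password = ?",
                       (username, password))
    return cur.fetchall()
```

Running strip_mysql_line_comments over vulnerable_query("fake' OR 1#", "pass") yields the truncated statement shown above, while safe_lookup with the same input returns no rows.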