How to hack this error? 02-19-2013, 10:45 AM
#1
Hi,
When I check SQli with ' i get error for SQLi but when I order by 1-- there is no error
http://example/product_info.php?Path=25_35&products_id=31251'
The error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '31251' and pd.language_id = '1' and p.products_status=1' at line 1
select p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_quantity, p.products_image, pd.products_url, p.products_price, p.products_tax_class_id, p.products_date_added, p.products_image_xl_6, p.products_date_available, p.manufacturers_id from products p, products_description pd where p.products_id = '31251\' and pd.products_id = '31251' and pd.language_id = '1' and p.products_status=1
How I can hack with that?
When I check SQli with ' i get error for SQLi but when I order by 1-- there is no error
http://example/product_info.php?Path=25_35&products_id=31251'
The error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '31251' and pd.language_id = '1' and p.products_status=1' at line 1
select p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_quantity, p.products_image, pd.products_url, p.products_price, p.products_tax_class_id, p.products_date_added, p.products_image_xl_6, p.products_date_available, p.manufacturers_id from products p, products_description pd where p.products_id = '31251\' and pd.products_id = '31251' and pd.language_id = '1' and p.products_status=1
How I can hack with that?
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)