Skip to content

Commit b99eff3

Browse files
author
元炜
committed
Fix code typo
1 parent 349b1fd commit b99eff3

File tree

5 files changed

+5
-5
lines changed

5 files changed

+5
-5
lines changed

de/09.4.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ If the user inputs a user name or password as:
3232

3333
Then our SQL becomes the following:
3434

35-
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
35+
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
3636

3737
In SQL, anything after `--` is a comment. Thus, inserting the `--` as the attacker did above alters the query in a fatal way, allowing an attacker to successfully login as a user without a valid password.
3838

en/09.4.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ If the user inputs a user name or password as:
3232

3333
Then our SQL becomes the following:
3434

35-
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
35+
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
3636

3737
In SQL, anything after `--` is a comment. Thus, inserting the `--` as the attacker did above alters the query in a fatal way, allowing an attacker to successfully login as a user without a valid password.
3838

ja/09.4.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ SQLインジェクションが発生する原因はプログラムがユーザ
2828

2929
我々のSQLは以下のようになります:
3030

31-
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
31+
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
3232

3333
SQLでは`--`はコメントを表します。そのため、検索クエリは途中で中断されます。攻撃者は合法的なユーザ名とパスワードを知らなくてもログインに成功します。
3434

pt-br/09.4.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ If the user inputs a user name or password as:
3232

3333
Then our SQL becomes the following:
3434

35-
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
35+
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
3636

3737
In SQL, anything after `--` is a comment. Thus, inserting the `--` as the attacker did above alters the query in a fatal way, allowing an attacker to successfully login as a user without a valid password.
3838

zh/09.4.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ SQL注入攻击(SQL Injection),简称注入攻击,是Web开发中最常
3535
那么我们的SQL变成了如下所示:
3636
```Go
3737
38-
SELECT * FROM user WHERE username='myuser' or 'foo'=='foo' --'' AND password='xxx'
38+
SELECT * FROM user WHERE username='myuser' or 'foo' = 'foo' --'' AND password='xxx'
3939
```
4040
在SQL里面`--`是注释标记,所以查询语句会在此中断。这就让攻击者在不知道任何合法用户名和密码的情况下成功登录了。
4141

0 commit comments

Comments
 (0)