Hacker News new | past | comments | ask | show | jobs | submit login

I've tried to write a program (https://gist.github.com/392445) which would be affected by this. It seems it should be `'); DROP TABLE servertypes; --` to actually drop any tables. All I was able to get now is syntax error.



I had the same idea: https://gist.github.com/913402


That's not a valid syntax for INSERT in MySQL. When you use the VALUE or VALUES keyword, it must be followed by a set of parentheses.


This is a valid syntax for MySQL:

    INSERT INTO servertypes SET server = 'Apache'


I recently learned about the INSERT SET syntax, and have started to use it across the board. Sooooo much more readable when column names and values are next to each other rather than separated. </offtopic>




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: