Exam GCIH
Question 86

An attacker has determined a web application is running the SQL command shown below. What could she enter for VALUE to get a list of all email addresses in the employee table and avoid syntax errors?

`select email from employee where name = '[VALUE]';`

    Correct Answer: A

    To obtain all email addresses from the employee table while avoiding syntax errors, VALUE should be set to `' or 1=1;--`. The leading single quote closes the string literal, `or 1=1` makes the WHERE clause true for every row, and `--` turns the rest of the line (the `';` left over from the original query) into a comment so it causes no syntax error. This way the attacker bypasses the intended name filter and retrieves every email address in the table.
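As an added illustration (not part of the exam question or the site's explanation), here is the query from the question built two ways in Python with SQLite: by string concatenation, where the answer's VALUE returns every row, and with a bound parameter, where the same input is compared literally against the name column and matches nothing. The employee rows are constructed sample data.

```python
import sqlite3

# Constructed sample rows standing in for the employee table in the question.
EMPLOYEES = [("alice", "alice@example.com"),
             ("bob", "bob@example.com"),
             ("carol", "carol@example.com")]

PAYLOAD = "' or 1=1;--"   # the VALUE given in the answer explanation


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table employee (name text, email text)")
    conn.executemany("insert into employee values (?, ?)", EMPLOYEES)
    return conn


def build_sql(value):
    """Assemble the query exactly as the question shows it: VALUE is pasted
    into the SQL text, so any quote inside VALUE becomes part of the statement."""
    return "select email from employee where name = '" + value + "';"


def lookup_vulnerable(conn, value):
    """String-concatenated query. With PAYLOAD the closing quote ends the
    literal, 'or 1=1' is true for every row, and '--' comments out the
    dangling quote and semicolon, so every email comes back."""
    return [row[0] for row in conn.execute(build_sql(value))]


def lookup_parameterized(conn, value):
    """The fix: bind VALUE as a parameter. SQL text and data travel separately,
    so PAYLOAD is just an unusual name that no row has."""
    return [row[0] for row in
            conn.execute("select email from employee where name = ?", (value,))]


if __name__ == "__main__":
    db = make_db()
    print(build_sql(PAYLOAD))
    print("concatenated:  ", lookup_vulnerable(db, PAYLOAD))    # all three emails
    print("parameterized: ", lookup_parameterized(db, PAYLOAD))  # []
```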

Discussion
XBal (Option: A)

Should be "A"

847ch0n3 (Option: A)

should be A.