Exam GCIH
Question 57

Suppose a web application builds the SQL command "select PhoneNumber from contacts where Company = '[value]';". What would the result likely be if an attacker submitted the value "GIAC'; drop table contacts; --" to the database?

    Correct Answer: C

    If an attacker submitted the value "GIAC'; drop table contacts; --", the SQL command constructed would become: "select PhoneNumber from contacts where Company = 'GIAC'; drop table contacts; --';". The attacker's leading single quote closes the string literal the application opened, the semicolon ends the original SELECT, and "drop table contacts;" is a second, stacked statement that deletes the 'contacts' table. The trailing comment delimiter "--" causes the application's own closing quote and semicolon ("';") to be ignored, so the whole batch remains syntactically valid. Therefore, the 'contacts' table would be deleted from the database. Two conditions must hold for this to happen: the application builds the query by concatenating the raw value into the SQL text, and the database connection it uses executes stacked (batched) statements; some drivers refuse more than one statement per call, which blocks this particular payload but does not remove the injection. The fix is a parameterized query, which binds the value instead of splicing it into the SQL string.
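    The following is an added worked example, not part of the original question or explanation. It rebuilds the question's query against a constructed in-memory SQLite table (sample rows and the helper names are assumptions) and shows three outcomes for the same attacker value: the concatenated string run through an API that executes stacked statements (the table is dropped), the same string run through an API that accepts only one statement per call (the driver rejects it, but the injection is still there), and the parameterized form (the value is compared literally and the table survives).

```python
import sqlite3

# Attacker-supplied value from the question.
MALICIOUS_VALUE = "GIAC'; drop table contacts; --"


def build_vulnerable_sql(value: str) -> str:
    """Build the query the way the question's application does: by concatenation."""
    return "select PhoneNumber from contacts where Company = '" + value + "';"


def fresh_db() -> sqlite3.Connection:
    """In-memory database with a small constructed contacts table (sample data, assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "create table contacts (Company text, PhoneNumber text);"
        "insert into contacts values ('GIAC', '555-0100');"
        "insert into contacts values ('SANS', '555-0101');"
    )
    return conn


def table_exists(conn: sqlite3.Connection, name: str = "contacts") -> bool:
    """Check the schema catalog to see whether the table is still present."""
    row = conn.execute(
        "select count(*) from sqlite_master where type = 'table' and name = ?", (name,)
    ).fetchone()
    return row[0] == 1


def run_vulnerable(value: str) -> bool:
    """Concatenate and run with executescript(), which executes every statement in
    the string, like a driver that accepts stacked queries. Returns True if the
    contacts table survives, False if it was dropped."""
    conn = fresh_db()
    conn.executescript(build_vulnerable_sql(value))
    return table_exists(conn)


def run_single_statement_driver(value: str) -> bool:
    """Same concatenated string through execute(), which refuses more than one
    statement per call. That blocks this payload but is not a fix: the quote
    still breaks out of the literal. Returns True if the driver rejected the string."""
    conn = fresh_db()
    try:
        conn.execute(build_vulnerable_sql(value))
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        # Older Python versions raised sqlite3.Warning for this condition.
        return True
    return False


def run_parameterized(value: str):
    """Hardened form: the value is bound as a parameter, so the whole attacker
    string is compared against Company as data. Returns (rows, table_still_exists)."""
    conn = fresh_db()
    rows = conn.execute(
        "select PhoneNumber from contacts where Company = ?", (value,)
    ).fetchall()
    return rows, table_exists(conn)


if __name__ == "__main__":
    print("constructed SQL:", build_vulnerable_sql(MALICIOUS_VALUE))
    print("stacked-statement driver, table survives:", run_vulnerable(MALICIOUS_VALUE))
    print("single-statement driver rejected input:", run_single_statement_driver(MALICIOUS_VALUE))
    print("parameterized query:", run_parameterized(MALICIOUS_VALUE))
```

    The single-statement case is worth noting when assessing a finding: a driver that refuses batched statements changes which payloads work, not whether the application is injectable, since a UNION or boolean-based payload would still succeed against the same concatenation.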

Discussion
847ch0n3 (Option: C)

Should be C if 'contacts' table exists.