'SQL injection to drop/empty table

I am trying to drop/empty table using user inputs.

My SQL code is $sql = "SELECT * FROM users WHERE username = '$username' and password = '$password'";

I am typing or 1=1# to login without username and password which works perfectly!

Any idea how can I drop/empty the contain of table (users)?

I have tried so may ways like:

or DROP TABLE users; or DROP TABLE users; or DROP TABLE users

php sql

Solution 1:^[1]

I found the solution: I used query() instead of multi_query()

multi_query() can take more than one queries at one time.

Solution 2:^[2]

The SQL injection that you are trying to do use the closing of the request, by closing the argument with '. So, you should begin by closing the actual ' before trying to do something else.

For example :

SELECT * FROM users WHERE username = ''; here do what you want;'';

Here, the name was '; here do what you want;'. Composed of:

' closing WHERE section
; closing the request that is sensitive to SQL injection
You SQL request, for you DROP TABLE users;
' to re-open what we closed at the begin

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution	Source
Solution 1	Adel Alshappip
Solution 2	Elikill58

'SQL injection to drop/empty table

Solution 1:[1]

Solution 2:[2]

Sources

Related Questions

Solution 1:^[1]

Solution 2:^[2]