Why do we use --+ to comment on the rest of the query?

449    Asked by AnilJha in SQL Server , Asked on Jan 12, 2022

Why should we sometimes use --+ instead of -- in SQL injection to comment the rest of the query? 

I have encountered some websites where when I used -- + to comment on the rest of the query it didn't work, but when I tried --+ it worked.

In the MySQL official documentation there is no such thing as --+ and we only have -- and two other ways.

Why does this happen? I want to know exactly why this works sometimes and -- doesn't, and why there is no --+ for comments in the MySQL man page? 

Answered by ankur Dwivedi

From the documentation:

From a -- sequence to the end of the line. In MySQL, the -- (double-dash) comment style requires the second dash to be followed by at least one whitespace or control character (such as a space, tab, newline, and so on). This syntax differs slightly from standard SQL comment syntax, as discussed in Section 1.8.2.4, “'--' as the Start of a Comment”. (emphasis mine) Many URL decoders treat --+ as a space.



Your Answer

Online Course

Tutorials

Salesforce Tutorial

Software Testing Tutorial

SQL Tutorial

Business Analyst Tutorial

Devops Tutorial

Data Science Tutorial

AWS Tutorial

Hadoop Tutorial

SSRS Tutorial

AWS S3 Tutorial

Functional Testing Tutorial

SSAS Tutorial

Automation Testing Tutorial

Manual Testing Tutorial

Selenium Tutorial

Kubernetes Tutorial

Scala Tutorial

ETL Testing Tutorial

Python Tutorial

Pyspark Tutorial

R Tutorial

Unit Testing Tutorial

API Testing Tutorial

Puppet Tutorial

Integration Testing Tutorial

Chef Tutorial

Jenkins Tutorial

Ansible Tutorial

Vagrant Tutorial

Docker Tutorial

Interviews

Parent Categories

Copyright | JanBaskTraining.com