I was pondering while at the same time testing my site is there a way that the client can get information from my data set by making some further changes in the accompanying question?
SELECT * FROM users WHERE login='admin' AND password='1' OR '1'='1';
Given that he knew the administrator username and utilized '1'='1' for the secret key to hacking into it. What else could he at any point add to repeat the secret word on screen or track down table subtleties?
I maintain that should do this to comprehend the limits the unprotected SQL can hurt us for my show on SQL infusion.