Table 3 Different forms of injection code with their common patterns

From: A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm

| S/N | Injection type | Common pattern | Example |
|---|---|---|---|
| 1 | Boolean-based | ’ OR ‘…’ = \| > \| >= \| < \| <= \| <> \| != ‘…’;# | ‘ OR ‘1’ = ‘1’;# |
| | | | 123’ OR ‘a’ <> ‘b’ ;# |
| | | | ‘ OR ‘2 + 3’ <= ‘10’ ;# |
| 2 | Union-based | ‘ union select … from …;# | ‘ union select * from users; # |
| | | | ‘ union select name from a;# |
| 3 | Error-based | ’…convert ( \| avg( \| round(... | 111’ convert(int, ‘abcd’) |
| | | | A’ avg(‘&%$#@*’) |
| 4 | Batch query | ‘; drop \| delete \| insert \| truncate \| update \| select…;# | aaa’ ; delete * from users; # |
| | | | ‘ ; drop table users; # |
| 5 | Like-based | ’OR … LIKE ‘…%’;# | ‘ OR username LIKE ‘S%’# |
| 6 | XSS | <script> …’…;</script> | <script>alert(‘Xss’);</script> |
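
The sketch below is an added example, not code from the paper: it shows one way a Knuth-Morris-Pratt matcher could flag input against the pattern families in Table 3. The names `kmp_find`, `normalize`, `matches`, `classify` and the `SIGNATURES` token lists are assumptions constructed from the table rows, with each "…" gap treated as "any text" and the XSS row simplified to the opening and closing tags.

```python
import re

def kmp_find(text, pat, start=0):
    """Index of the first occurrence of pat in text at or after start, else -1."""
    fail = [0] * len(pat)  # fail[i]: longest proper prefix of pat[:i+1] that is also its suffix
    k = 0
    for i in range(1, len(pat)):
        while k and pat[i] != pat[k]:
            k = fail[k - 1]
        if pat[i] == pat[k]:
            k += 1
        fail[i] = k
    k = 0
    for i in range(start, len(text)):
        while k and text[i] != pat[k]:
            k = fail[k - 1]  # reuse the matched prefix instead of rescanning text
        if text[i] == pat[k]:
            k += 1
        if k == len(pat):
            return i - k + 1
    return -1

def normalize(s):
    # Lowercase, map typographic quotes to ', collapse whitespace, drop space before "(".
    s = re.sub(r"\s+", " ", s.lower().replace("\u2018", "'").replace("\u2019", "'"))
    return s.replace(" (", "(")

# Constructed signatures: each table row as alternatives of ordered literal tokens.
# The operators >=, <=, <> and != all contain one of "=", "<", ">".
SIGNATURES = {
    "boolean-based": [["'", " or '", "'", op, "'"] for op in "=<>"],
    "union-based": [["'", "union select ", " from "]],
    "error-based": [["'", f + "("] for f in ("convert", "avg", "round")],
    "batch query": [["'", ";", kw + " "] for kw in
                    ("drop", "delete", "insert", "truncate", "update", "select")],
    "like-based": [["'", " or ", " like '", "%"]],
    "xss": [["<script>", "</script>"]],
}

def matches(text, tokens):
    pos = 0  # every token must occur after the end of the previous one
    for tok in tokens:
        hit = kmp_find(text, tok, pos)
        if hit < 0:
            return False
        pos = hit + len(tok)
    return True

def classify(raw):
    text = normalize(raw)
    return [n for n, alts in SIGNATURES.items() if any(matches(text, a) for a in alts)]
```

Signature matching of this kind is useful for logging and rejecting suspicious input, and works alongside parameterized queries and output encoding rather than in place of them.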