How can i update a table using SQL Injection?

How can i abl开发者_JAVA技巧e to update a table in a MySQL database using SQL Injection?

I have heard about how we can enter the query in the address bar and it is possible to update a table in the MySQL database. But I am not sure about it.

Kindly give me an idea professionals...

---

You may want to try entering Robert'); DROP TABLE students; -- in your form :)

In the above xkcd cartoon, Bobby was probably asked to fill in his name in a form, but he mischievously inserted Robert'); DROP TABLE students; -- as his name. Now imagine if that input was used in this query:

SELECT * FROM students WHERE name = '$input'

As you can see, if we substitute $input for what Bobby entered, you'll get this

SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'

Which are two very valid SQL commands, and a comment.

You may also want to research earlier Stack Overflow questions on SQL Injection.

---

Robert'); DROP TABLE students; -- Might have worked in 2010. But as of today 2021. mysql_query() do not allow stacked queries.