The input would come in from a web form, and I am attempting an SQL injection via the form. In the password field, I attempt to put a single quote just to see what sort of error is invoked at the back end. I run this same query manually at the back end -
mysql> UPDATE users SET password = ''' WHERE username='admin';
I understand that there is a mismatch in the single quotes, but I just want to see how the query behaves at the back end.
The query however doesn't run immediately. It spills over to the next line, as if it is waiting for more input.
mysql> UPDATE users SET password = ''' WHERE username='admin'; '> '; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'admin'; '' at line 1
Why does it spill onto the second line? Why can't it just say something close to "syntax error near password"