Question: I was asked to do a security audit on few of our websites and one pops up on the scan with a possible sql injection. When I plug in the code below I get the following error “shown below” . I can say that kind of new to sql injections… could somebody explain what I may be missing here…
URL Code that gives me error below:
Couldn't exec sth!
QUERY: INSERT INTO search_terms (search_term) values ('\')
ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\')' at line 1