Home > database >  PostgreSQL: concatenation of pg_sleep
PostgreSQL: concatenation of pg_sleep

Time:09-24

There's this challenge from portswigger: https://portswigger.net/web-security/sql-injection/blind/lab-time-delays

I noticed that these 2 solutions work: ' || pg_sleep(10)-- , ' || (SELECT pg_sleep(10)--

But this doesn't: ' || SELECT pg_sleep(10)--

And my question is what's the different between with and without () ?

CodePudding user response:

Because This is the syntax of the SQL:

A scalar subquery is an ordinary SELECT query in parentheses that returns exactly one row with one column.

Page link:https//www.codepudding.com/database/126222.html

Prev:Access variable inside a function SwiftUI
Next:input values into multiple tables where the index of one table creates an entry into the secondary t
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding