There's this challenge from portswigger: https://portswigger.net/web-security/sql-injection/blind/lab-time-delays
I noticed that these 2 solutions work:
' || pg_sleep(10)--
, ' || (SELECT pg_sleep(10)--
But this doesn't: ' || SELECT pg_sleep(10)--
And my question is what's the different between with and without ()
?
CodePudding user response:
Because This is the syntax of the SQL:
A scalar subquery is an ordinary SELECT query in parentheses that returns exactly one row with one column.