I have tried sql injection my script. I have a problem in ezSQL.
Original query
$dbo->get_var("SELECT COUNT(*) FROM table WHERE id = '1'");
Injected Query
$dbo->get_var("SELECT COUNT(*) FROM table WHERE id = '1'; SELECT * FROM table -- -'");
Error
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'SELECT * FROM table -- -' at line 1
But,
This Sql Query works phpmyadmin SQL Command successfully. I dont understand this. Why sql code doesnt work in ezsql query? Please help me.