I'm trying to do this query in order to test for injection. Where is the error in my query?
<?php
$query= "SELECT * FROM login where email = '1' or '1' = '1' limit 1;/*' and password = '1e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855223'";
$result = mysqli_query($connection,$query) or die(mysqli_error($connection));
?>
The result error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/*' and password = '1e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b785' at line 1
If I do the query inside mysql workbench it works fine, but when placed in mysqli it gives the error.
Thanks for your help and down count. The simple answer is to use # instead of /*.
Bye
