Am 29.01.2019 um 17:39 schrieb Tom Lane:
> "Gunnar \"Nick\" Bluth" writes:
>> Tried
>> SELECT 0x5e73266725;
[...]
> SELECT 0 AS x5e73266725;
>
> and that's the result you got.
Well, yeah, _that_ was pretty obvious. I just didn't expect ot to happen...
> I think that the SQL standard considers
Gunnar "Nick" Bluth wrote:
> Tried
> SELECT 0x5e73266725;
>
> and received:
> -[ RECORD 1 ]--
> x5e73266725 | 0
>
> That was not what I expected... is this expected/documented behaviour?
Looks like you don't need a space between a number literal and
the column alias.
I don't see any problem wit
"Gunnar \"Nick\" Bluth" writes:
> Tried
> SELECT 0x5e73266725;
> and received:
> -[ RECORD 1 ]--
> x5e73266725 | 0
> That was not what I expected... is this expected/documented behaviour?
Well, there are no hex literals in (PG's notion of) SQL, so that isn't
a valid token. But it's the concate
Hi,
I found this in an SQL-injection attempt today:
union select 0x5e73266725,0x5e73266725[,...],0x5e73266725;
Tried
SELECT 0x5e73266725;
and received:
-[ RECORD 1 ]--
x5e73266725 | 0
That was not what I expected... is this expected/documented behaviour?
Thx in advance!
--
Gunnar "Nick" Bluth
