EC-Council
312-50V11 Question #78: Real Exam Question with Answer & Explanation
The correct answer is D: Single quotation.
SQL Injection
Question
You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation?
Options
- A. Double quotation
- B. Backslash
- C. Semicolon
- D. Single quotation
Explanation
The single quotation mark is the most reliable and universally applicable character for quickly detecting SQL injection because it directly breaks standard SQL string syntax and triggers database errors.
Common mistakes.
- A. Double quotation marks serve as identifier delimiters in ANSI SQL and only act as string delimiters in certain non-standard database configurations, making them unreliable for universal quick validation.
- B. A backslash functions as an escape character in some database-specific contexts but is not a standard SQL string boundary character and does not reliably trigger syntax errors across database platforms.
- C. A semicolon can be used to chain stacked queries in SQL injection but does not immediately break string parsing to produce an observable syntax error the way a single quote does.
Concept tested. SQL injection detection using single-quote character
Reference. https://owasp.org/www-community/attacks/SQL_Injection
Topics
#SQL injection, #single quote, #injection testing, #input validation