I have some programming experience, but am having trouble with SQL injection code. I don’t understand why there’s sometimes SQL syntax after the comment character (such as — or #). I know that — – and –+ are just required comments syntax, but there’s injection examples with much more complex syntax after the comment characters, such as /*! MySQL-specific code */
How are those complex injection comments being interpreted since they’re commented out? I don’t 100% understand how the comment characters can even be interpreted during SQL injection.
I’ve been researching for quite some time but can’t figure it out.
Thank You for any help.