1/**/and/**/1=1 works beautifully.
She chose . In the name field, she entered: sql+injection+challenge+5+security+shepherd+new
To perform a UNION injection, we need to know how many columns the original query is returning. We use the ORDER BY technique to enumerate columns incrementally. 1/**/and/**/1=1 works beautifully
Most Security Shepherd SQL challenges use double quotes ( " ) or single quotes ( ' ) for string encapsulation. Try entering a single quote ' in the coupon field. sql+injection+challenge+5+security+shepherd+new