I’m trying to capture a flag on the Hacker101 CTF site and I came across a code snippet.
IN THAT SPECIFIC PART:
if cur.execute('SELECT password FROM admins WHERE username=\'%s\'' % request.form['username'].replace('%', '%%')) == 0:
I would like to know the meaning of these symbols ('%s' %) in the language, after the word username. I intend to study this part to understand the code completely, but I do not know which keyword to use to search for these ('%s' %) symbols.
// EXCERPT OF THE FULL ERROR MESSAGE
Traceback (most recent call last):
File "./main.py", line 145, in do_login
if cur.execute('SELECT password FROM admins WHERE username=\'%s\'' % request.form['username'].replace('%', '%%')) == 0:
File "/usr/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line 255, in execute
self.errorhandler(self, exc, value)
File "/usr/local/lib/python2.7/site-packages/MySQLdb/connections.py", line 50, in defaulterrorhandler
raise errorvalue
ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''''' at line 1")
I understood perfectly! Thank you Murilo.
– Raiuri Santos
@Raiurisantos, if the answer was useful, consider marking it as correct to help other people with the same question.
– Murilo Portugal
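
What the `'%s' %` in the question's line does, as an added example that is not part of the original thread: `%` is Python's string-formatting operator, and `%s` marks where the value on its right is pasted into the string, so the form input becomes part of the SQL text. The sketch uses Python 3 and the standard-library `sqlite3` module as a stand-in for the MySQLdb/MariaDB setup in the traceback; the function names and the sample row are assumptions made for illustration.

```python
import sqlite3

# Query template from the question. %s is filled in by Python's
# string-formatting operator (%) before the database sees anything.
TEMPLATE = "SELECT password FROM admins WHERE username='%s'"


def build_query(username):
    """Build the SQL text the way the line in the question does."""
    # .replace('%', '%%') doubles percent signs in the value;
    # it does nothing about quote characters.
    return TEMPLATE % username.replace('%', '%%')


def lookup_formatted(conn, username):
    """Run the string-built query: the input is parsed as SQL text."""
    return conn.execute(build_query(username)).fetchall()


def lookup_parameterized(conn, username):
    """Pass the value separately from the SQL text. sqlite3 uses ? markers;
    MySQLdb uses %s markers with the values given as a second argument."""
    return conn.execute(
        "SELECT password FROM admins WHERE username=?", (username,)
    ).fetchall()


def make_db():
    """In-memory stand-in for the admins table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES ('alice', 'constructed-hash')")
    return conn


if __name__ == "__main__":
    conn = make_db()
    print(build_query("alice"))      # quotes balanced, valid SQL
    print(build_query("o'brien"))    # apostrophe ends the literal early
    try:
        lookup_formatted(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        # Same class of failure as the 1064 syntax error in the traceback.
        print("string-built query failed:", exc)
    # The parameterized form treats the apostrophe as plain data.
    print(lookup_parameterized(conn, "o'brien"))
```

The documentation keyword for this operator is "printf-style string formatting" (also called the string formatting or interpolation operator).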