Tweeted twitter.com/StackSecurity/status/1291252687049240578
added 806 characters in body
Baldráni

I'm trying to inject a basic query but I think I'm missing how to comment the end of those queries.

I thought using # or --' would work but I'm still ending up with this kind of error:

Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TABLE user ;--' ORDER BY c2_.creationDate DESC' at line 1

So what is the proper way of bypassing this security?

What am I doing wrong when I wrote:

http://esgi-3.futest.com/subject/12%20UNION%20SELECT%20*%20FROM%20TABLE%20user%20;--'

And this is the whole error I get:

An exception occurred while executing 'SELECT s0_.text AS text, s0_.creationDate AS creationDate, s0_.private AS private, u1_.firstName AS firstName, u1_.lastName AS lastName, s0_.user AS user, c2_.userId AS userId24, c2_.subjectId AS subjectId25 FROM subject s0_ INNER JOIN user u1_ ON s0_.user = u1_.id LEFT JOIN comment c2_ ON s0_.id = c2_.subjectId LEFT JOIN user u3_ ON c2_.userId = u3_.id WHERE s0_.id = 12 UNION SELECT * FROM TABLE user ;--' ORDER BY c2_.creationDate DESC': SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TABLE user ;--' ORDER BY c2_.creationDate DESC' at line 1

Edited content (quoting error mainly so as to ease reading and enhance presentation).

Trying to understand how to use comment in SQL injection

So I'm a complete newbie on security.

I'm trying to inject a basic query but I think I'm missing how to comment the end of those queries.

I thought using # or --' would work but I'm still ending up with this kind of error:

Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TABLE user ;--' ORDER BY c2_.creationDate DESC' at line 1

So what is the proper way of bypassing this security? What am I doing wrong when I wrote:

http://esgi-3.futest.com/subject/12%20UNION%20SELECT%20*%20FROM%20TABLE%20user%20;--'