GIAC Certified Incident Handler (GCIH) — Question 19

Which special character or character sequence is often used in SQL injection attacks because it acts as a SQL comment delimiter?

Answer options

• A. --
• B. '
• C. *
• D. ;
• E. ../

Correct answer: B

Explanation

The correct answer is B, as the single quote (') is commonly used in SQL injection to terminate strings and can also start a comment in some contexts. Option A (--) is a comment delimiter but is not as widely applicable in the context of string termination. Options C (*), D (;), and E (../) do not serve as comment delimiters in SQL.