Is it really possible with an MySQL-Injection? Cant pass trough the mysql_real_escape_string().
My Thougts was to manipulate simply that +1.
%20--%20 the Comment doesnt work or?
%20--%20 Shows an ErrorMessage like this:
MySqlError(1054): Unknown column 'bill -- ' in 'field list' in Query:
UPDATE noescvotes SET `bill -- `=`bill -- `+1 WHERE id=1
But all after the comment should not parsed or?
No matter the comments are only usefull if i can put a ' after my bill or george.
If another hint would break the challenge for others please write me a PM
Thx for so much fun!
And sorry for my bad english iam german.