How can I carry out SQL insert injection when there’s a select statement beforehand

So here’s the deal. I’ve been working on an SQL injection challenge and here’s what comes up.

There’s a registration page where you input your Username, password and confirm password. It’s vulnerable to INSERT SQL injection, I’m basically trying to insert my own data and make myself and admin (admin=1). However, there is a SELECT statement before the INSERT statement that checks if the username exists in the database. The problem is, if I try inserting data with SQL injection, the SELECT statement will fail and will generate an error, and the INSERT statement will never be executed.

I’ve made an in-a-nutshell PHP code to show you how it works.

<?php     $  username = $  _POST['username'];     $  password = md5($  _POST['password']);      $  sql = mysqli_query("SELECT * FROM users WHERE username = '$  username';");     if(mysqli_num_rows($  sql) > 0 || !$  sql) {         // this code will be run if the username already exists OR an SQL error in the query above.     }     else {         $  sql = mysqli_query("INSERT INTO users (`id`,`username`,`password`,`admin`) VALUES (NULL,'$  username','$  password',0);");     } ?> 

So the thing is, if I tried signing up with the username "admintest','password',1);-- " which should in theory INSERT myself into the database as an admin, here comes the problems.

The problem, is the SELECT query. Watch what happens.

SELECT * FROM users WHERE username = 'admintest','password',1);-- '; 

This of course is a syntax-error, and as we saw by the code I provided above, an IF statement will confirm that the SQL query was a syntax error, and the INSERT statement will NEVER run.

In an ideal world, this should happen in the INSERT statement, which will insert me as an ADMIN.

INSERT INTO users (`id`,`username`,`password`,`admin`) VALUES (NULL,'admintest','password',1);-- ','password',0); 

I’ve tried to work out something that doesn’t generate a syntax error on the SELECT, and also INSERTs the data I want to insert. Would be appreciated if anyone could help out 🙂

Can the spell immovable object be used to carry very heavy things?

The spell immovable object from Explorer’s Guide to Wildemount (pg. 187) says:

You touch an object that weighs no more than 10 pounds and cause it to become magically fixed in place. You and the creatures you designate when you cast this spell can move the object normally. […]

At Higher Levels. If you cast this spell using a spell slot of 4th or 5th level, the DC to move the object increases by 5, it can carry up to 8,000 pounds of weight, and the duration increases to 24 hours. If you cast this spell using a spell slot of 6th level or higher, the DC to move the object increases by 10, it can carry up to 20,000 pounds of weight, and the effect is permanent until dispelled.

The two phrases I am interested in here are:

You … can move the object normally

and,

it can carry up to 20,000 pounds of weight.

Suppose I cast immovable object at 6th level on a thin sheet of plywood. I then proceed to stack 19,999 pounds of gold ingots on top of the sheet of plywood. I then attempt to move the sheet of plywood normally.

Can an object under the effect of a 6th level immovable object spell still be moved normally while it is carrying up to 20,000 pounds?

Can Mage Hand drag more weight than it can carry?

I have been watching/listening to Chance’s D&D Spellbook, which highlights a potential ‘loophole’ in that the spell doesn’t list how much the hang can drag, say if attached via a rope that weighs less than 10lbs.

Normally a spell only does what it says, but carrying and dragging seem closely enough related that there might be some room for interpretation.

URL editing shows success message, but doesn’t carry out function

I’ve been looking into my college’s internal alumni network. In that we can send connections to users and when you send a connection request, you’re taken to a url which is: https://www.website.com/yourwall/sent-invite/username/?Sendcon=true And a message

Your invitation to Name was sent.

is displayed where ‘Name’ is the name of the user associated with ‘username’ Even though we get a success message, the connection request is not sent. And if we supply an invalid ‘username’ parameter into the url we still get a success message but as:

Your invitation to {:user} was sent.

Could this be a vulnerability? How can it be exploited and mitigated?

Does the effects of a failed save versus disease or poison carry over into an alternate form?

Most diseases (mundane or magical) and poison deal ability damage upon a failed save after the incubation time.

Once the damage takes place, does the negative effects of a failed save versus disease or poison carry over into an alternate form?

This question is only asking about alternate forms, not wildshape or polymorph.

[ Personal Finance ] Open Question : Should I let my in-laws buy my house and carry the note instead of just going through a regular refinance?

I am have great credit (785) and am currently in the early stages of refinancing (rate not locked but looking like 3,5% fixed 30 yr) I called my father and law (and his realtor fiance) just out of due diligence to see if they thought this was a good rate considering the clients they’ve seen purchase homes recently. They said it sounded pretty competitive and so I pulled the trigger with the mortgage company. Now today They called and said they were talking and think they would like to buy the house, and carry the note for us at the same interest rate and terms, but also with the option for 10-20k cash out if we want it. I wasn’t really looking for this and am not sure what to make of it. They said they were looking for somewhere to invest some money they recently made and thought it would be a win-win. I’m not sure. I trust their motives financially, but I worry about them divorcing later, or implied favors (none implied as of yet). I suppose there’s always the possibility of them being very generous with the payments or sale of the house down the road, but that’s also definitely not a given. Sounds like the same deal either way for me, but with the possibility of ugly family stuff down the road. Is there an angle I’m not seeing here?

Can small characters really carry that much?

Let’s take a gnome for the example. Here is what the PHB 37 says for its size:

Size. Gnomes are between 3 and 4 feet tall and average about 40 pounds. Your size is small.

The PHB 176 also says the following for the carrying capacity:

Carrying Capacity. Your carrying capacity is your Strength score multiplied by 15. This is the weight (in pounds) that you can carry, which is high enough that most characters don’t usually have to worry about it.

[…]

Size and Strength. Larger creatures can bear more weight, whereas Tiny creatures can carry less. For each size category above Medium, double the creature’s carrying capacity and the amount it can push, drag or lift. For a Tiny creature, halve these weights.

If this gnome has a Strength of 10, it means it can carry 10*15=150 pounds ! More than the triple of its own weight !

Am I missing something or can small characters really carry that much ?

PS: I know D&D isn’t meant to be a realistic simulation, but still.

Full adder carry expression

I’m learning about logic circuits and I’ve come across full adder. In the book they derived its two carry out expressions –

Cout = x&&y || x&&z || y&&z and Cout = x&&y || (x’&&y || x&&y’)&&z

I’ve tried to get the second equation from the first one but couldn’t. Any one knows how to do that?

How can my Kobold carry all his weapons? [duplicate]

Carrying capacity, as defined on page 176 of the PHB is:

Carrying Capacity. Your carrying capacity is your Strength score multiplied by 15. This is the weight (in pounds) that you can carry, which is high enough that most characters don’t usually have to worry about it.

My Kobold Barbarian has a 16 in strength, meaning he can carry up to 240 lbs encumbered or 80 lbs unencumbered. He currently is carrying a Greatsword, 2 Handaxes, 4 Javelins, 2 Scimitars, 2 Sheilds, and an Herbalism Kit, which all equates to 39 lbs total (all of which are the standard size for the item). I know I can carry everything, but how would the mechanics work, especially with the large size of all the gear opposed to my 2’6″ character