Knowledge Log
-1' OR 2+935-935-1=0+0+0+1 or 'jnsbQnxZ'='

[Question] -1' OR 2+935-935-1=0+0+0+1 or 'jnsbQnxZ'='

2025.02.13. 01:48:48 | Document no.: 21883

Full answer:
[무물보AI]

It looks like an attempted SQL injection string. Decoded, it is:

-1' OR 2+935-935-1=0+0+0+1 or 'jnsbQnxZ'='

What that does (conceptually)

  • The initial single quote closes a quoted value in an SQL query.
  • The expression 2+935-935-1 evaluates to 1, and 0+0+0+1 evaluates to 1, so the comparison is 1=1 (always true).
  • That makes the WHERE clause (or whatever boolean expression is being built) evaluate to true and can cause the query to return data it shouldn’t (for example bypassing an authentication check or returning all rows).
  • The trailing or 'jnsbQnxZ'='' is a further OR that doesn’t change the outcome because the 1=1 part is already true.

I can’t help you craft or test attacks or provide guidance on exploiting systems. I can, however, help you secure systems and explain defenses.

Recommended mitigations

  • Use parameterized queries / prepared statements for all database access (never concatenate user input into SQL).
  • Validate and whitelist input where possible (e.g., allow only numeric IDs, specific formats).
  • Apply least privilege to DB accounts (don’t use a DBA-level account from the app).
  • Avoid returning detailed database error messages to users.
  • Use an ORM or safe database APIs to reduce risk.
  • Consider a Web Application Firewall (WAF) and monitoring to detect suspicious activity.
  • Keep libraries and DB engines up to date.

Safe examples (defensive)

  • Python (psycopg2): cur.execute("SELECT * FROM users WHERE username = %s AND password = %s", (username, password))

  • PHP (PDO): $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?"); $stmt->execute([$id]);

Logging and detection tips

  • Log raw request input and query results (with care to avoid logging credentials).
  • Alert on patterns like inputs containing SQL meta-characters or SQL keywords, sudden increases in returned row counts, or multiple failed/suspicious requests from the same IP.
  • Regularly scan code for SQL constructed with string concatenation.

If you want, tell me what language/framework and a short snippet of the vulnerable code (or describe the input and query) and I’ll show a secure, fixed version.
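As an added example (not part of the answer above), the following runs the exact string from the question through both a string-concatenated lookup and a parameterized one against a constructed in-memory SQLite table. The table name, columns and sample rows are assumptions made for the example; the payload is the one from the question. It shows concretely what the bullets describe: with concatenation the quote closes the literal and the arithmetic tautology makes the WHERE clause true for every row, while the bound parameter is compared only as data and matches nothing.

```python
"""Vulnerable string-concatenated lookup vs. parameterized lookup, run against
an in-memory SQLite table with the injection string from the question.
Added example; the schema and sample rows are constructed here, not from the page."""
import sqlite3

# The exact probe string from the question.
PAYLOAD = "-1' OR 2+935-935-1=0+0+0+1 or 'jnsbQnxZ'='"


def make_db():
    """Constructed sample table (assumption for the example): three users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """BAD: the input is spliced into the SQL text. The quote in the payload
    closes the literal, and everything after it is parsed as SQL:
      ... WHERE username = '-1' OR 2+935-935-1=0+0+0+1 or 'jnsbQnxZ'=''
    """
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """GOOD: the input travels as a bound parameter and is only ever compared
    as a value, whatever characters it contains."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def tautology_value(conn):
    """Let the database evaluate the arithmetic from the payload by itself:
    (2+935-935-1) = (0+0+0+1)  ->  1 = 1  ->  true, which SQLite returns as 1."""
    return conn.execute("SELECT 2+935-935-1=0+0+0+1").fetchone()[0]


def compare(username):
    """Row counts returned by both variants for the same input."""
    conn = make_db()
    try:
        return {
            "vulnerable": len(lookup_vulnerable(conn, username)),
            "safe": len(lookup_safe(conn, username)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    conn = make_db()
    print("tautology evaluates to:", tautology_value(conn))
    print("vulnerable, payload:", lookup_vulnerable(conn, PAYLOAD))  # every row
    print("safe, payload:      ", lookup_safe(conn, PAYLOAD))        # no rows
    print("safe, 'alice':      ", lookup_safe(conn, "alice"))        # one row
    conn.close()
```

The same comparison applies to the psycopg2 and PDO snippets in the answer: the driver sends the query text and the parameter separately, so no quoting or escaping of the input is needed in application code.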
