@dblackshell: Actually, when you provide a constant as seed value, you can predict the next numbers and thus achieve 100% (or 0%) success rate.

]]>Returns a random floating-point value v in the range 0 <= v < 1.0.

Ifa constant integer argument N is specified, it is used as the seed value, which produces a repeatable sequence of column values.

So to produce a Pseudo-random number, a parameter should be specified; and in that case would you have a 99% success rate

]]>@dblackshell No, I assume the PRNG produces random numbers following a uniform distribution (http://en.wikipedia.org/wiki/Pseudorandom_number_generator), so on average, the injection will succeed around 99% of the time.

]]>you stand a 99% chance of being succesful (provided the application is vulnerable to SQL-injection)!

I think the chances are unknown, because it’s random.

]]>@oldami Yes, this is a pure tautology.

]]>Always true and the system would have to know the valid range for anything that might be compared to detect this. ]]>