To teda neni ono, ani omylem, sql time injection je tohle:
select * from nahE_fotky where pridano>sysdate
ALTER SESSION SET nls_date_format="pridano or 1=1";
=> select * from nahe_fotky where pridano>pridano or 1=1
select sysdate from dual; => pridano or 1=1