sql truncate
September 23rd, 2008

Since l4in gave me the link and told me that I should know this one, I read an article at Suspekt.org about SQL truncate. After reading the article several times I did not take a lot of interest. But by coincidence I read another article about SQL truncate, written by 80sec. Well, this one made me go back to Suspekt.org and read the article again. Well... here is some explanation about this technique.

This is a PHP code sample that is vulnerable to SQL truncate:

<?php

    $user=$_REQUEST['user'];
    mysql_query("SET names utf8");
    // look up the submitted name exactly as the application received it
    $result = mysql_query("SELECT * from test_user where user='$user'");

    // validation runs on the PHP string, not on what MySQL will store
    if(trim($user)=='' or strlen($user)>20 ){
        die("Input user Invalid");
    }
    if(@mysql_fetch_array($result, MYSQL_NUM)) {
        die("already exist");
    }
    else {
        // the same unchanged string is handed to MySQL for storage
        $sql="insert test_user values ('$user')";
        mysql_query($sql);
        echo "$user register OK!";
    }
    mysql_free_result($result);
?>

Well, this is common PHP code. Please read it carefully: the code checks whether the input is valid and, if it is, inserts the input into the database. Here is the scenario showing when and why this code is vulnerable:

If an attacker inputs the username ‘admin z’ [admin, a lot of spaces, and z], the code will find that the length is not valid, because it is limited to 20 characters. But it does not end here: the attacker can input the username ‘admin0xc1zzz’, and this one gets the attacker a user named admin. Why?

Because the table is created with charset utf8 and 0xc1 is not a valid utf8 character, it will be stripped, and all of the characters after it will be stripped too. Then the attacker has a user ‘admin’ :))
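A hardened form of the input check, as an added example that is not part of the original post: it rejects invalid UTF-8 and out-of-range names in PHP before any query runs, so the value that was checked is the value that gets stored. The function name, the constant and the sample inputs are assumptions made for illustration; it needs the mbstring extension.

```php
<?php
// Added example, not the original post's code. Names below are hypothetical.

const MAX_USER_CHARS = 20; // same limit the post's length check uses

/**
 * Returns null when $raw is acceptable, otherwise the reason it is rejected.
 */
function username_rejection_reason(string $raw): ?string
{
    // Reject byte sequences that are not valid UTF-8 (such as a lone 0xC1)
    // instead of leaving it to the database to decide what to keep.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return 'invalid UTF-8';
    }
    // Reject control characters and surrounding whitespace outright;
    // silently trimming would again store something other than what was checked.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw) || $raw !== trim($raw)) {
        return 'control character or surrounding whitespace';
    }
    // Count characters, not bytes, now that the encoding is known to be valid.
    $chars = mb_strlen($raw, 'UTF-8');
    if ($chars === 0 || $chars > MAX_USER_CHARS) {
        return 'length out of range';
    }
    return null;
}

// Constructed sample inputs, including the two cases from the post.
$samples = [
    'alice',
    "admin\xC1zzz",                       // invalid byte after "admin"
    'admin' . str_repeat(' ', 20) . 'z',  // admin, many spaces, z
    'admin ',                             // trailing space
];

foreach ($samples as $s) {
    $reason = username_rejection_reason($s);
    // bin2hex keeps the output printable even for invalid byte sequences
    printf("%-54s %s\n", bin2hex($s), $reason ?? 'accepted');
}
```

On the database side, running MySQL with a strict sql_mode such as STRICT_ALL_TABLES makes such inserts fail with an error instead of being stored in shortened form, and a UNIQUE index on the user column backs up the duplicate check.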

[ref]

http://packetstormsecurity.org/papers/database/mysql-truncate.txt
http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/


