I've been seriously doing security for about a year now, and I've always been afraid of SQL injection and never dared to work through the practice challenges. Starting today I'm going to keep at it, level by level.
Basics
Enumerate databases: select schema_name from information_schema.schemata;
Enumerate tables: select table_name from information_schema.tables where table_schema='security';
Enumerate columns: select column_name from information_schema.columns where table_name='users';
Dump fields: select username,password from security.users;
MySQL comment characters
1: --+ (the + is URL-decoded to a space)
2: -- followed by a space
3: #
The purpose is to comment out the remainder of the original MySQL statement so that it is no longer executed, while the attacker's own parameters are added in front of the comment.
or / and
A and B: true only when both A and B are true.
A or B: true when at least one of A or B is true.
Understanding LIMIT
SELECT * FROM users WHERE id='1' LIMIT 0,1
In limit 0,1 the first number is the offset to start from (0 means start at the first row), and the second number, 1, is how many rows to return.
mysql> SELECT * FROM users LIMIT 2,1;
+----+----------+----------+
| id | username | password |
+----+----------+----------+
| 3 | Dummy | p@ssword |
+----+----------+----------+
1 row in set (0.00 sec)
mysql> SELECT * FROM users LIMIT 3,1;
+----+----------+----------+
| id | username | password |
+----+----------+----------+
| 4 | secure | crappy |
+----+----------+----------+
1 row in set (0.00 sec)
mysql> SELECT * FROM users LIMIT 0,2;
+----+----------+------------+
| id | username | password |
+----+----------+------------+
| 1 | Dumb | Dumb |
| 2 | Angelina | I-kill-you |
+----+----------+------------+
2 rows in set (0.00 sec)
mysql> SELECT * FROM users LIMIT 0,5;
+----+----------+------------+
| id | username | password |
+----+----------+------------+
| 1 | Dumb | Dumb |
| 2 | Angelina | I-kill-you |
| 3 | Dummy | p@ssword |
| 4 | secure | crappy |
| 5 | stupid | stupidity |
+----+----------+------------+
5 rows in set (0.00 sec)
mysql>
order by
Sorts the result set by a given column; the column can be given by its position number.
mysql> select * from users;
+----+----------+------------+
| id | username | password |
+----+----------+------------+
| 1 | Dumb | Dumb |
| 2 | Angelina | I-kill-you |
| 3 | Dummy | p@ssword |
| 4 | secure | crappy |
| 5 | stupid | stupidity |
| 6 | superman | genious |
| 7 | batman | mob!le |
| 8 | admin | admin |
| 9 | admin1 | admin1 |
| 10 | admin2 | admin2 |
| 11 | admin3 | admin3 |
| 12 | dhakkan | dumbo |
| 14 | admin4 | admin4 |
+----+----------+------------+
13 rows in set (0.00 sec)
mysql> select * from users order by 1;
+----+----------+------------+
| id | username | password |
+----+----------+------------+
| 1 | Dumb | Dumb |
| 2 | Angelina | I-kill-you |
| 3 | Dummy | p@ssword |
| 4 | secure | crappy |
| 5 | stupid | stupidity |
| 6 | superman | genious |
| 7 | batman | mob!le |
| 8 | admin | admin |
| 9 | admin1 | admin1 |
| 10 | admin2 | admin2 |
| 11 | admin3 | admin3 |
| 12 | dhakkan | dumbo |
| 14 | admin4 | admin4 |
+----+----------+------------+
13 rows in set (0.00 sec)
mysql> select * from users order by 2;
+----+----------+------------+
| id | username | password |
+----+----------+------------+
| 8 | admin | admin |
| 9 | admin1 | admin1 |
| 10 | admin2 | admin2 |
| 11 | admin3 | admin3 |
| 14 | admin4 | admin4 |
| 2 | Angelina | I-kill-you |
| 7 | batman | mob!le |
| 12 | dhakkan | dumbo |
| 1 | Dumb | Dumb |
| 3 | Dummy | p@ssword |
| 4 | secure | crappy |
| 5 | stupid | stupidity |
| 6 | superman | genious |
+----+----------+------------+
13 rows in set (0.00 sec)
mysql> select * from users order by 3;
+----+----------+------------+
| id | username | password |
+----+----------+------------+
| 8 | admin | admin |
| 9 | admin1 | admin1 |
| 10 | admin2 | admin2 |
| 11 | admin3 | admin3 |
| 14 | admin4 | admin4 |
| 4 | secure | crappy |
| 1 | Dumb | Dumb |
| 12 | dhakkan | dumbo |
| 6 | superman | genious |
| 2 | Angelina | I-kill-you |
| 7 | batman | mob!le |
| 3 | Dummy | p@ssword |
| 5 | stupid | stupidity |
+----+----------+------------+
13 rows in set (0.00 sec)
mysql> select * from users order by 4;   (this one errors)
ERROR 1054 (42S22): Unknown column '4' in 'order clause'
mysql>
Using order by, you can test at which column position the error first appears, and from that work out how many columns the query returns.
less-01:
When ?id=1' order by 4 --+ is executed it returns an error, while ?id=1' order by 3 --+ does not; this tells us the table has 3 columns.
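As an added example that is not part of the original post, the snippet below reproduces why the order by probe above yields a signal and why a parameterized query removes it. It assumes a users table with the same three columns as the page (id, username, password) and uses Python's built-in sqlite3 instead of MySQL so it runs offline; the vulnerable query shape mirrors less-01 (SELECT * FROM users WHERE id='$id' LIMIT 0,1). Function names, the sample rows and the sample request values are constructed for this example. A small regex check for the probe pattern is included as the kind of thing a WAF or log review would look for.

```python
import re
import sqlite3

# Constructed sample rows modelled on the page's users table.
ROWS = [(1, "Dumb", "Dumb"), (2, "Angelina", "I-kill-you"), (3, "Dummy", "p@ssword")]


def make_db():
    """In-memory SQLite stand-in for the MySQL 'security' database (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn


def query_vulnerable(conn, user_id):
    """String-concatenated query, the less-01 pattern: the input becomes part of the SQL.

    '--' followed by a space starts a comment in both MySQL and SQLite, so the
    trailing quote and LIMIT clause from the original statement are discarded.
    """
    sql = "SELECT * FROM users WHERE id='" + user_id + "' LIMIT 0,1"
    try:
        return {"ok": True, "rows": conn.execute(sql).fetchall(), "sql": sql}
    except sqlite3.OperationalError as exc:
        # With 'order by 4' SQLite reports the ORDER BY term is out of range,
        # the same class of error MySQL shows as "Unknown column '4' in 'order clause'".
        return {"ok": False, "error": str(exc), "sql": sql}


def query_parameterized(conn, user_id):
    """Same lookup with a bound parameter: whatever the input contains, it is a value, never SQL."""
    sql = "SELECT * FROM users WHERE id=? LIMIT 0,1"
    return {"ok": True, "rows": conn.execute(sql, (user_id,)).fetchall(), "sql": sql}


# Probe shape seen on the page after URL decoding: a closing quote, ORDER BY <n>, then a comment.
PROBE_RE = re.compile(r"'\s*order\s+by\s+\d+\s*(--|#)", re.IGNORECASE)


def flag_probe_values(values):
    """Return the request parameter values that look like ORDER BY column-count probes."""
    return [v for v in values if PROBE_RE.search(v)]


if __name__ == "__main__":
    db = make_db()
    for payload in ("1", "1' order by 3 -- ", "1' order by 4 -- "):
        print("vulnerable   :", query_vulnerable(db, payload))
        print("parameterized:", query_parameterized(db, payload))
    # Constructed sample of decoded ?id= values from an access log.
    print("flagged:", flag_probe_values(["1", "1' order by 4 -- ", "1' order by 3 #", "2"]))
```

Run it as a script to see the three cases side by side: the concatenated query returns a row, then an error, depending only on the ORDER BY number, while the parameterized query returns the same empty result for every probe and never errors. That absence of a behavioural difference is exactly what the column-count technique relies on, which is why prepared statements (not comment filtering) are the fix.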