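1. Determine the database type
id=1 and (select count(*) from sysobjects)>0
2. Determine whether there is an injection point
id=1 and 1=1
id=1 and 1=2
3. Determine the number of columns
A URL-encoded space is %20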
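From the defender's side, the probes in these notes leave a recognisable trail in web access logs. The following is an added example, not part of the original notes: it percent-decodes each query string (so `%20` and `+` both become spaces) and flags the `sysobjects` fingerprint and the paired `and 1=1` / `and 1=2` test from one client on one parameter. The log entries, IP addresses and the `scan` function name are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log entries: (client IP, request target).
SAMPLE_LOG = [
    ("203.0.113.7", "/news.asp?id=1"),
    ("203.0.113.7", "/news.asp?id=1%20and%20(select%20count(*)%20from%20sysobjects)>0"),
    ("203.0.113.7", "/news.asp?id=1%20and%201=1"),
    ("203.0.113.7", "/news.asp?id=1%20and%201=2"),
    ("198.51.100.4", "/search.asp?q=salt%20and%20pepper"),
    ("198.51.100.9", "/news.asp?id=1+AND+1=1"),
]

SYSOBJECTS = re.compile(r"\bfrom\s+sysobjects\b", re.I)
# Trailing "and N=M" with numeric operands, as in the notes' 1=1 / 1=2 pair.
BOOL_TEST = re.compile(r"\band\s+(\d+)\s*=\s*(\d+)\s*$", re.I)


def scan(entries):
    """Return alerts as (client, path, parameter, reason) tuples."""
    alerts = []
    seen = defaultdict(set)  # (client, path, param) -> outcomes observed
    for client, target in entries:
        parts = urlsplit(target)
        # parse_qsl percent-decodes values, so %20 and + both become spaces.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            key = (client, parts.path, name)
            if SYSOBJECTS.search(value):
                alerts.append(key + ("sysobjects fingerprint",))
            m = BOOL_TEST.search(value)
            if m:
                outcomes = seen[key]
                outcomes.add("true" if m.group(1) == m.group(2) else "false")
                # Alert once, when both halves of the pair have been seen.
                if outcomes == {"true", "false"}:
                    alerts.append(key + ("boolean true/false pair",))
                    outcomes.add("reported")
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

A single `and 1=1` request is not reported on its own; the alert fires only when the same client sends both the true and the false variant against the same parameter.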