mysql> show tables;
+----------------------+
| Tables_in_openlab |
+----------------------+
| MatchedLogRecDetails |
| emp_14 |
| logs |
| logs_day_report |
| logs_month_report |
| logs_year_report |
| s_emp |
| s_emp13 |
| s_emp_14 |
| s_emp_39 |
| s_emp_hz100521 |
| s_emp_jlh |
| s_user |
| s_user_39 |
| s_user_hz100521 |
| s_user_jlh |
| student |
| student_jlh |
| user_14 |
| xu_users |
+----------------------+
20 rows in set (0.01 sec)
mysql> select * from s_user;
+----+----------+----------+
| id | username | password |
+----+----------+----------+
| 0 | jack | 123456 |
| 1 | shery | 123456 |
| 2 | lianghao | lianghao |
| 5 | dengtao | 123456 |
| 6 | chunzi | 123456 |
+----+----------+----------+
5 rows in set (0.01 sec)
mysql> select * from s_user where username='jack' and password='dfsf'or'1'='1';
+----+----------+----------+
| id | username | password |
+----+----------+----------+
| 0 | jack | 123456 |
| 1 | shery | 123456 |
| 2 | lianghao | lianghao |
| 5 | dengtao | 123456 |
| 6 | chunzi | 123456 |
+----+----------+----------+
5 rows in set (0.00 sec)
mysql> select * from s_user where username='jack';
+----+----------+----------+
| id | username | password |
+----+----------+----------+
| 0 | jack | 123456 |
+----+----------+----------+
1 row in set (0.00 sec)
mysql> select * from s_user where username='jack' and password='dfsf';
Empty set (0.00 sec)
mysql> edit
-> ;
//select * from s_user where username='jack' and password='dfs'or'1'='1';
+----+----------+----------+
| id | username | password |
+----+----------+----------+
| 0 | jack | 123456 |
| 1 | shery | 123456 |
| 2 | lianghao | lianghao |
| 5 | dengtao | 123456 |
| 6 | chunzi | 123456 |
+----+----------+----------+
5 rows in set (0.00 sec)
mysql> edit
-> ;//select * from s_user where username='jack' and password='dfs'and'1'='1';
Empty set (0.00 sec)
[quote]
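[b]Summary: jljl'or'1'='1 is a fixed format. If the keyword were and, the column referenced by the condition would be a single value, which clearly does not conform to the first normal form of databases. Here or means "or", and the condition 1=1 is always true, but the query result ignores the preceding conditions and returns all records. Put plainly, SQL injection uses single quotes to make SQL keywords take effect and uses an expression that returns true, and the database then treats the query's condition as normal and legitimate. Sigh, I don't understand this very thoroughly yet; I'll revise it once I've learned more.[/b]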
[/quote]
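The session above, reproduced as an added example (not code from the original post): a login check built by string concatenation next to the same check with bound parameters. AND binds more tightly than OR, so the concatenated query is parsed as (username='jack' AND password='dfsf') OR '1'='1', which is true for every row. Assumptions: an in-memory SQLite copy of s_user stands in for the MySQL table, and the function names are hypothetical.

```python
import sqlite3

# Constructed copy of the s_user rows shown in the session above.
# Assumption: SQLite stands in for MySQL so the example runs offline.
ROWS = [(0, "jack", "123456"), (1, "shery", "123456"),
        (2, "lianghao", "lianghao"), (5, "dengtao", "123456"),
        (6, "chunzi", "123456")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE s_user (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO s_user VALUES (?, ?, ?)", ROWS)
    return db

def login_concat(db, username, password):
    """Vulnerable: input is pasted into the SQL text, so a quote in the
    input closes the string literal and the rest is parsed as SQL."""
    sql = ("SELECT id, username FROM s_user WHERE username='" + username +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchall()

def login_param(db, username, password):
    """Hardened: placeholders bind the input as data. The whole value is
    compared as one string and never reaches the SQL parser."""
    sql = "SELECT id, username FROM s_user WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # The four password values used in the session above.
    for pw in ("123456", "dfsf", "dfsf'or'1'='1", "dfs'and'1'='1"):
        print(f"{pw!r:20} concat={len(login_concat(db, 'jack', pw))} rows, "
              f"param={len(login_param(db, 'jack', pw))} rows")
```

With bound parameters the quote characters are part of the password value being compared, so only the real password matches.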