sql二阶注入
Summary :
总结:
Everyone knows what is SQL Injection, but just to give you a brief about SQL Injection, it is a code injection technique that might destroy your database. It usually occurs when you ask user for input, like their username or userid, and instead of a name or id, the user gives you SQL statement that you will unknowingly run on your database.
每个人都知道什么是SQL注入,但是只是向您简要介绍SQL注入,它是一种代码注入技术,可能会破坏您的数据库。 当您要求用户输入用户名或用户ID之类的内容时,通常会发生这种情况,而不是名称或ID,而是用户给出SQL语句,您将在不知不觉中在数据库上运行。
Example :
范例:
In SQL Injection 1=1 is always a true condition. If there is nothing to prevent a user from entering wrong input, a user can enter something like this :
在SQL注入中1 = 1始终是真实条件。 如果没有什么可以防止用户输入错误的输入,则用户可以输入以下内容:
The SQL statement above is valid and will return all the rows from the “Users” table, since OR 1=1 is always a TRUE condition.
上面SQL语句有效,并且将返回“ Users ”表中的所有行,因为OR 1 = 1始终为TRUE条件。
In SQL Injection “ “=” ” is also a true condition. For example see the below user login :
在SQL注入中,“ “ =” ”也是一个真实条件。 例如,请参见下面的用户登录名: