发表新帖

发表新帖

SQL Injection Method

前端未结

关注

 2  2049

既然无缘 2021-01-27 20:36

The Injection Procedures are :

SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;

But, My Question Is how the injection query

2条回答

情书的邮戳 (楼主)

2021-01-27 21:17
its when you have your query as string in your code, something like this
```
Query = "SELECT UserId, Name, Password FROM Users WHERE UserId = '" + sUserID + "'"
```
So you pass sUserID = "ABC' OR 1=1;"

this will be translated like
```
SELECT UserId, Name, Password FROM Users WHERE UserId = 'ABC' OR 1=1
```
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...

热议问题