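Original SQL statement: select count(*) from tbusers where username='abc' and userpass='abc'
SQL after injection: select count(*) from tbusers where username='abc' or 1=1 -- and userpass='abc'
In the injected statement, or 1=1 is always true and -- turns the password condition into a comment, so the verification check is bypassed. Parameterized SQL or stored procedures are therefore recommended.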
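The recommendation above, as an added example that is not code from the original post: the same input is checked once by a string-concatenated query and once by a parameterized query, using Python's sqlite3 module. The table and column names come from the page's query; the function names, the in-memory database and the sample account are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with the page's tbusers table and one constructed row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tbusers (username text primary key, userpass text)")
    # Constructed sample account; the plaintext userpass only mirrors the page's query.
    conn.execute("insert into tbusers values (?, ?)", ("alice", "s3cret"))
    return conn

def check_concat(conn, username, userpass):
    """'Before' form: input is spliced into the SQL text, so quotes in it become syntax."""
    sql = ("select count(*) from tbusers where username='" + username +
           "' and userpass='" + userpass + "'")
    return conn.execute(sql).fetchone()[0] > 0

def check_param(conn, username, userpass):
    """Hardened form: placeholders keep the input as data; it is never parsed as SQL."""
    sql = "select count(*) from tbusers where username=? and userpass=?"
    return conn.execute(sql, (username, userpass)).fetchone()[0] > 0

def compare():
    """Run both checks with a valid login and with the page's injected username."""
    conn = make_db()
    injected = "abc' or 1=1 -- "  # username value from the page's injected statement
    return {
        "concat_valid": check_concat(conn, "alice", "s3cret"),
        "concat_injected": check_concat(conn, injected, "abc"),
        "param_valid": check_param(conn, "alice", "s3cret"),
        "param_injected": check_param(conn, injected, "abc"),
        "param_wrong_pass": check_param(conn, "alice", "abc"),
    }

if __name__ == "__main__":
    for name, ok in compare().items():
        print(f"{name}: {ok}")
```

With the parameterized form the whole string, quote and comment marker included, is compared against the username column as a literal value, so no row matches.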
Original post: https://www.cnblogs.com/boentouch/p/12772188.html