参考网址
https://blog.csdn.net/weixin_43919144/article/details/105552701
https://blog.csdn.net/weixin_43096078/article/details/108214500
数字型注入
http://localhost:8888/form.php?id=1 and 1=1
http://localhost:8888/form.php?id=1 and 1=2
如果结果不同,可判断未数字型注入,为什么呢?
如果是数字型注入,sql语句就会是这样的
select * from tablename where id =1 and 1=1
select * from tablename where id =1 and 1=2
如果是字符型注入,sql语句应该是这样的
select * from tablename where id =‘1 and 1 = 1‘
select * from tablename where id =‘1 and 1 = 2‘
如果后面加1=1 和1=2 结果不同,可判断未数字型注入,如果相同,可能为字符型注入
字符型注入
http://localhost:8888/form.php?id=1‘ and ‘1‘=‘1
http://localhost:8888/form.php?id=1‘ and ‘1‘=‘2
sql语句应该是这样的
select * from tablename where cat =‘1‘ and ‘1‘ = ‘1‘
select * from tablename where cat =‘1‘ and ‘1‘ = ‘2‘
原文:https://www.cnblogs.com/xxzl20171025/p/14154736.html