如何使用SQL注入更新表? [英] How can i update a table using SQL Injection?
问题描述
如何使用SQL Injection 更新 MySQL数据库中的表?
How can i able to update a table in a MySQL database using SQL Injection?
我听说过如何在地址栏中输入查询,并且可以更新MySQL数据库中的表.但是我不确定.
I have heard about how we can enter the query in the address bar and it is possible to update a table in the MySQL database. But I am not sure about it.
请给我一个专业的想法...
Kindly give me an idea professionals...
推荐答案
您可能希望尝试以表格形式输入Robert'); DROP TABLE students; --
:)
You may want to try entering Robert'); DROP TABLE students; --
in your form :)
在上面的 xkcd卡通中,可能会要求Bobby用表格填写他的名字,但是他调皮地插入Robert'); DROP TABLE students; --
作为他的名字.现在,假设此查询中是否使用了该输入:
In the above xkcd cartoon, Bobby was probably asked to fill in his name in a form, but he mischievously inserted Robert'); DROP TABLE students; --
as his name. Now imagine if that input was used in this query:
SELECT * FROM students WHERE name = '$input'
如您所见,如果我们用$input
代替Bobby输入的内容,您会得到的
As you can see, if we substitute $input
for what Bobby entered, you'll get this
SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'
其中有两个非常有效的SQL命令和一个注释.
Which are two very valid SQL commands, and a comment.
您可能还想研究更早的有关SQL注入的堆栈溢出问题.
You may also want to research earlier Stack Overflow questions on SQL Injection.
这篇关于如何使用SQL注入更新表?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!