如何使用SQL注入更新表? [英] How can i update a table using SQL Injection?

问题描述

如何使用SQL Injection 更新 MySQL数据库中的表?

How can i able to update a table in a MySQL database using SQL Injection?

我听说过如何在地址栏中输入查询，并且可以更新MySQL数据库中的表.但是我不确定.

I have heard about how we can enter the query in the address bar and it is possible to update a table in the MySQL database. But I am not sure about it.

请给我一个专业的想法...

Kindly give me an idea professionals...

推荐答案

您可能希望尝试以表格形式输入Robert'); DROP TABLE students; --:)

You may want to try entering Robert'); DROP TABLE students; -- in your form :)

在上面的 xkcd卡通中，可能会要求Bobby用表格填写他的名字，但是他调皮地插入Robert'); DROP TABLE students; --作为他的名字.现在，假设此查询中是否使用了该输入:

In the above xkcd cartoon, Bobby was probably asked to fill in his name in a form, but he mischievously inserted Robert'); DROP TABLE students; -- as his name. Now imagine if that input was used in this query:

SELECT * FROM students WHERE name = '$input'

如您所见，如果我们用$input代替Bobby输入的内容，您会得到的

As you can see, if we substitute $input for what Bobby entered, you'll get this

SELECT * FROM students WHERE name = 'Robert'); DROP TABLE students; --'

其中有两个非常有效的SQL命令和一个注释.

Which are two very valid SQL commands, and a comment.

您可能还想研究更早的有关SQL注入的堆栈溢出问题.

You may also want to research earlier Stack Overflow questions on SQL Injection.

这篇关于如何使用SQL注入更新表?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！