In one sentence, I will tell you the meaning of select 1, 2 and 3 in SQL injection, and explain the meaning of each part of SQL injection in detail

In the beginning sql It is believed that everyone has been exposed to -1' union select 1,2,3 # And so on

We can use this statement to judge username and password Where are they in the table

It's simple , If you understand, please give me a compliment ：）

1： Directly in sql Use in statement select 1,2,3 perhaps select a,b,c Or any other character （ Without specifying a table ） It will directly show you in the browser select Things that are

2： Once defined select From which table select for example ：

Assume tables exist users：

Use as follows sql sentence ：

select 1,2,3 from users ;

also 1,2,3 Does not really exist in users The words in this table

1,2,3 Will follow Column In the order of

And in the sql What we usually encounter in injection is

This allows the user to enter username and password The situation of

It is assumed that once the login is successful, the login account and password will be displayed

In this case, let's take a look at the original sql What meaning does each part of the injection statement represent

-1 ' union select1,2,3#

The red part ： The original sql Statement is to get id = xxxx The data of , Because here we let id = -1, So the conditions don't hold , It will not show superfluous things

The yellow part ： When using <form> Labeled get perhaps post When the method is used , Finally, I will give php A variable in is assigned to the value entered by the user , After the assignment, add these variables to sql In the sentence , Will automatically add two single quotes . For example, user input abc, Last in sql The statement will automatically become   ’ abc ‘ In the form of , Therefore, using a single quotation mark is equivalent to ending the previous statement ahead of time

The green part ： Because of the select already select 了 -1, It has lost its usefulness , But we want this again sql One more sentence in a sentence select, So we use union（ union ） To join one for the second time select sentence

The blue part ： According to the previous statement ,1,2,3 They will follow the rules of id,username,password Sequential output , Because we assume that the user name and password will be output when the login is successful , therefore 1 It's not shown , Then come to the second column , Corresponding output 2 So we know that the account number is the second column in the table , By analogy, the password is the third column in the table , Note that there select The number of numbers must correspond to the number of columns in the table , Less select It's not over （ Will report a mistake ）, More will repeat the display （ Can't tell ）

Earthy part ：# This comment symbol will turn the following statement into a comment , Make them meaningless

Here you get it ,1,2,3 They will be different ” Channel appears “, We judge their passage by observing their appearance .