SQL injection principles, setting up sqli-labs, and a simple hands-on SQL injection exercise
2022-06-12 06:24:00 【Cwillchris】
I. SQL Injection Overview
1. Principle of SQL Injection
The basic SQL statement for a user login:
select * from users where username = 'user name entered by the user' and password='password entered by the user'
User input is controllable. For example, we can enter ' or 1=1 -- (followed by a space) as the user name:
select * from users where username = '' or 1=1 -- 'and password = 'password entered by the user'
Here the first single quote we enter closes the opening single quote of username, which is equivalent to entering an empty user name. or means the condition is true as long as either its left or its right side is true, and 1=1 is always true, so the condition in this SQL statement always evaluates to true. -- followed by a space starts a comment, and everything after the comment marker is no longer executed.
Note that the closing method above does not supply a user name, so the login does not succeed.
select * from users where username = 'admin' or 1=1 -- 'and password = 'password entered by the user'
We put the user name of the account we want to log in as before the single quote. This successfully bypasses the password check.
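The login statement above, run both ways, as an added example that is not code from the original post. It uses Python's standard sqlite3 module in place of the application's database; the table contents, the password and the function names are constructed for illustration. The same crafted user name is passed to a string-concatenated query and to a parameterized one.

```python
import sqlite3

def make_db():
    """Constructed sample data: one account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    return db

def login_concat(db, username, password):
    """Vulnerable form: input is pasted into the SQL text, so a quote in the
    input ends the string literal and the rest is parsed as SQL."""
    sql = ("select * from users where username = '" + username +
           "' and password='" + password + "'")
    return sql, db.execute(sql).fetchall()

def login_param(db, username, password):
    """Hardened form: placeholders send the input as bound values, so it is
    only ever compared as data and never parsed as SQL syntax."""
    sql = "select * from users where username = ? and password = ?"
    return sql, db.execute(sql, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "admin' or 1=1 -- "  # the user name input discussed in the text
    for fn in (login_concat, login_param):
        sql, rows = fn(db, crafted, "wrong-password")
        print(fn.__name__)
        print("  statement:", sql)
        print("  rows returned:", len(rows))
    # A legitimate login still works through the parameterized query.
    print("valid login rows:", len(login_param(db, "admin", "S3cret!")[1]))
```

With the concatenated query the password comparison ends up inside the comment and a row is returned without the correct password; with bound parameters the whole input is compared against the username column and nothing matches.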