MySQL8 1Z0-908学习(4)
作者:互联网
问题(答案在文章最后):
Which two queries are examples of successful SQL injection attacks? (Choose two.)
A SELECT user,passwd FROM members
WHERE user = ‘?’;INSERT INTO members(‘user’,‘passwd’) VALUES (‘bob@example.com’,‘secret’);–’;
B SELECT id, name FROM user WHERE user.id=(SELECT members.id FROM members);
C SELECT id, name FROM user WHERE id=23 OR id=32 OR 1=1;
D SELECT id, name FROM user WHERE id=23 OR id=32 AND 1=1;
E SELECT email,passwd FROM members
WHERE email = ‘INSERT INTO members(‘email’,‘passwd’) VALUES (‘bob@example.com’, ‘secret’);–’;
F SELECT user, phone FROM customers WHERE name = ‘; DROP TABLE users; --’;
解析:
1, Where语句中加入"?’;",“INSERT”,“–"等特殊符号及SQL语句,会导致SQL语句被运行。
SELECT user,passwd FROM members
WHERE user = ‘?’;INSERT INTO members(‘user’,‘passwd’) VALUES (‘bob@example.com’,‘secret’);–’;
B SELECT id, name FROM user WHERE user.id=(SELECT members.id FROM members);
2, SQL语句的WHERE条件中加入”OR 1=1;“,即使其他条件不满足,也会查询出结果。
答案:
AC
标签:MySQL8,908,1Z0,passwd,user,members,WHERE,id,SELECT 来源: https://blog.csdn.net/engchina/article/details/117517797