Can I instantiate an injection attack based on the PHP MySQL class?
PHP VERSION 5.6.3
Failed while attempting a simulated injection attack. The SQL statement was printed and the script copied directly to MySQL Workbench was able to drop the database successfully, but always reported a syntax error while running locally, asking where the error was and how to instantiate such an attack.
The above link section, Access URL is test.php?sql=values%27);%20drop%20database%20test;%20--%20
Output is INSERT into test values (' values '); DROP DATABASE test; -- '); INSERT into Test VALUES (' values\ '); DROP DATABASE test; -- '); you have a error in your SQL syntax; check the manual, corresponds to your MySQL server version for the right SYN "DROP DATABASE test; --') ' at line 1
The second row has been anti-injection processing can be performed, but one did not do the processing, still error
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.