Sql query injection attack in php

Question

Sql query injection attack in php

Can someone explain the meaning of this request to me?

-999.9 and(select 1 from(select count(*),
 concat((select (select concat(0x7e,0x27,unhex(Hex(cast(database() as char))),0x27,0x7e))
 from `information_schema`.tables limit 0,1),floor(rand(0)*2))x 
 from `information_schema`.tables group by x)a)--

I found that the required fields in the form are filled in 1, and the email address for this specific request.
In the form, I have a sequence, such as name, mobile nu, email id and other data. After you have specified the email id, whatever fields are blank or null, and all fields are filled with "1" before the email id.

+4

mysql sql-injection

Dinesh subhash patil Apr 21 '14 at 7:17

source share

1 answer

axiac · Answer 1 · 2015-02-12T14:11:26+0000

SQL. , SQL. , , , , SQL-.

SQL- ; , .

: , , , . , , . - , , ( "" " die()" ).

SQL- , , , . , , . ( ) script , , .

, . MySQL, - group by x. , (MySQL 4?); MySQL. , . , MySQL, , script , . , , . , .: -)

, , . , , - . , , - (, ), , , .

2 RLIKE (SELECT ...), ... , N ^th ( ) information_schema ( LIMIT), MID(name, K, 1), K ^th , ( IF() CASE), 2 -, .

ASCII. , , , 2 RLIKE 2, . - 2 RLIKE (, . , script . , . 7 .

K+1 . , , script , , .

, : .

Sql query injection attack in php

More articles: