SQL Injection (intro)

Basic syntax

SQL

DML

DDL

DCL

@'%' is MySQL's own user@host account model; here the user name must be used as an identifier, not as a 'string literal'.

SQLi categories

String SQL injection

Numeric SQL injection

SQLi - CIA

SQLi - Compromising Confidentiality

SQLi - Compromising Integrity

' or '1'='1';update employees set salary = 99999 where auth_tan = '3SL99A' --

SQLi - Compromising Availability

1'; drop table access_log;--
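As an added example (not part of the original notes), the integrity payload above is run against a constructed in-memory SQLite copy of the employees table, once through string concatenation and once through a parameterized query; the name column and the sample rows are assumptions, while employees, auth_tan and salary come from the payload itself.

```python
import sqlite3

# Constructed sample rows; the "name" column is an assumption, the
# employees/auth_tan/salary names come from the payload on the page.
EMPLOYEES = [("Alice", "3SL99A", 45000), ("Bob", "7ZZ12B", 52000)]

PAYLOAD = ("' or '1'='1';update employees set salary = 99999 "
           "where auth_tan = '3SL99A' --")


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table employees(name text, auth_tan text, salary int)")
    conn.executemany("insert into employees values (?, ?, ?)", EMPLOYEES)
    return conn


def lookup_vulnerable(conn, tan):
    # String SQLi: tan is spliced into the query text, so the quote in the
    # payload closes the literal and the rest is parsed as SQL. executescript
    # stands in for a driver that accepts stacked statements.
    conn.executescript(f"select name from employees where auth_tan = '{tan}'")


def lookup_safe(conn, tan):
    # Parameterized query: tan is bound as one value and never parsed as SQL.
    cur = conn.execute("select name from employees where auth_tan = ?", (tan,))
    return [row[0] for row in cur.fetchall()]


def salary_of(conn, tan):
    row = conn.execute("select salary from employees where auth_tan = ?",
                       (tan,)).fetchone()
    return row[0] if row else None


def demo():
    vuln = fresh_db()
    lookup_vulnerable(vuln, PAYLOAD)          # integrity compromised
    safe = fresh_db()
    matches = lookup_safe(safe, PAYLOAD)      # payload is just a bad TAN
    return salary_of(vuln, "3SL99A"), matches, salary_of(safe, "3SL99A")


if __name__ == "__main__":
    print(demo())  # (99999, [], 45000)
```

The same comparison applies to the numeric case: binding the parameter means a value like 1 followed by extra statements is rejected or treated as data rather than executed.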