{"id":2602,"date":"2023-10-27T11:55:21","date_gmt":"2023-10-27T03:55:21","guid":{"rendered":"https:\/\/fushuling.com\/?p=2602"},"modified":"2025-04-11T15:35:59","modified_gmt":"2025-04-11T07:35:59","slug":"%e9%a2%84%e7%bc%96%e8%af%91%e4%b8%8esql%e6%b3%a8%e5%85%a5","status":"publish","type":"post","link":"https:\/\/fushuling.com\/index.php\/2023\/10\/27\/%e9%a2%84%e7%bc%96%e8%af%91%e4%b8%8esql%e6%b3%a8%e5%85%a5\/","title":{"rendered":"\u9884\u7f16\u8bd1\u4e0esql\u6ce8\u5165"},"content":{"rendered":"\n

\u521a\u5b66web\u5b89\u5168\u7684\u65f6\u5019\u5b66\u5230sql\u6ce8\u5165\u9632\u5fa1\uff0c\u90a3\u4e9b\u6587\u7ae0\u57fa\u672c\u4e0a\u90fd\u4f1a\u8bf4\u5229\u7528pdo\u9884\u7f16\u8bd1\u5c31\u53ef\u4ee5\u8fd1\u4e4e\u5b8c\u7f8e\u9632\u5fa1sql\u6ce8\u5165\uff0c\u6216\u8005\u770b\u5230\u4e00\u4e9b\u6e17\u900f\u7ecf\u9a8c\u8d34\uff0c\u9047\u5230sql\u7ecf\u8fc7\u9884\u7f16\u8bd1\u7684\u7f51\u7ad9\u5e08\u5085\u4eec\u603b\u662f\u4f1a\u5efa\u8bae\u8d76\u7d27\u6362\u4e2a\u7ad9\uff0c\u90a3\u4e48\u9884\u7f16\u8bd1\u7a76\u7adf\u80fd\u4e0d\u80fd\u5b8c\u7f8e\u9632\u5fa1sql\u6ce8\u5165\uff0c\u6216\u8005\u8bf4\u9884\u7f16\u8bd1\u4e0b\u7684sql\u6ce8\u5165\u6709\u4ec0\u4e48\u5947\u6280\u6deb\u5de7\u5417\uff1f<\/p>\n\n\n\n

\u9996\u5148\u662f\u7b2c\u4e00\u4e2a\u95ee\u9898\uff0c\u4e3a\u4ec0\u4e48\u9884\u7f16\u8bd1\u6216\u8005\u8bf4\u53c2\u6570\u5316\u67e5\u8be2\u53ef\u4ee5\u9632\u6b62sql\u6ce8\u5165\u5462\uff1f\u6211\u4e4b\u524d\u770b\u8fc7\u7684\u4e00\u4e2a\u9762\u7ecf\u4e0a\u662f\u8fd9\u4e48\u5199\u7684\uff1a<\/p>\n\n\n\n

\n

\u4f7f\u7528\u53c2\u6570\u5316\u67e5\u8be2\u6570\u636e\u5e93\u670d\u52a1\u5668\u4e0d\u4f1a\u628a\u53c2\u6570\u7684\u5185\u5bb9\u5f53\u4f5c sql \u6307\u4ee4\u7684\u4e00\u90e8\u5206\u6765\u6267\u884c\uff0c\u662f\u5728\u6570\u636e\u5e93\u5b8c\u6210 sql \u6307\u4ee4\u7684\u7f16\u8bd1\u540e\u624d\u5957\u7528\u53c2\u6570\u8fd0\u884c\u3002\u7b80\u5355\u7684\u8bf4: \u53c2\u6570\u5316\u80fd\u9632\u6ce8\u5165\u7684\u539f\u56e0\u5728\u4e8e\uff0c\u8bed\u53e5\u662f\u8bed\u53e5\uff0c\u53c2\u6570\u662f\u53c2\u6570\uff0c\u53c2\u6570\u7684\u503c\u5e76\u4e0d\u662f\u8bed\u53e5\u7684\u4e00\u90e8\u5206\uff0c\u6570\u636e\u5e93\u53ea\u6309\u8bed\u53e5\u7684\u8bed\u4e49\u8dd1 \u3002<\/p>\n<\/blockquote>\n\n\n\n

\u56de\u987e\u4e00\u4e0bsql\u6ce8\u5165\u53d1\u751f\u7684\u539f\u56e0\uff0csql\u6ce8\u5165\u4e4b\u6240\u4ee5\u4f1a\u4ea7\u751f\u662f\u56e0\u4e3a\u670d\u52a1\u5668\u9519\u8bef\u628a\u7528\u6237\u7684\u8f93\u5165\u5f53\u4f5c\u4e86\u6267\u884c\u7684\u8bed\u53e5\u3002\u5047\u8bbe\u8fd9\u91cc\u6709\u4e00\u4e2asql\u8bed\u53e5\uff1a<\/p>\n\n\n\n

select username from test where id = $_POST[id]<\/code><\/pre>\n\n\n\n
\u5982\u679c\u7528\u6237\u6b63\u5e38\u8f93\u51651\uff0c\u8bed\u53e5\u5219\u4e3a\uff1a<\/p>\n\n\n\n
select username from test where id = 1<\/code><\/pre>\n\n\n\n
\u90a3\u4e48\u663e\u7136\u67e5\u8be2\u51fa\u6765\u7684\u5c31\u53ea\u4f1a\u662ftest\u8868\u4e2did\u4e3a1\u7684\u90a3\u4e2ausername\uff0c\u7136\u800c\u5982\u679c\u7528\u6237\u8f93\u5165\u7684\u662f1 union select version()\uff0c\u90a3\u4e48\u8bed\u53e5\u5c31\u53d8\u4e3a\u4e86\uff1a<\/p>\n\n\n\n
select username from test where id = 1 union select version()<\/code><\/pre>\n\n\n\n
\u6700\u540e\u67e5\u8be2\u51fa\u6765\u7684\u5c31\u4f1a\u4f7fid=1\u7684\u90a3\u4e2ausername\u4ee5\u53ca\u6570\u636e\u5e93\u7684\u7248\u672c\uff0c\u8fd9\u662f\u56e0\u4e3a\u672c\u6765\u7406\u8bba\u4e0a\u67e5\u8be2\u7684\u5e94\u8be5\u662fid\u4e3a”1 union select version()”\u7684\u8fd9\u4e2a\u7528\u6237\uff0c\u800c\u6570\u636e\u5e93\u6267\u884c\u8bed\u53e5\u7684\u65f6\u5019\u628a\u5b83\u5206\u5f00\u4e86\uff0c\u89c6\u4f5c\u4e86\u67e5\u8be2select username from test where id = 1\u4ee5\u53caselect version()\u3002<\/p>\n\n\n\n
\u56de\u770b\u5230\u9884\u7f16\u8bd1\u7684\u539f\u7406\uff0c\u5982\u679c\u6e90\u7801\u8fd9\u91cc\u63d0\u524d\u5bf9$_POST[id]\u8fdb\u884c\u4e86\u5904\u7406\uff0c\u90a3\u4e48\u6570\u636e\u5e93\u76f8\u5f53\u4e8e\u4f1a\u63d0\u524d\u5bf9\u6574\u4e2a\u8bed\u53e5\u8fdb\u884c\u7f16\u8bd1\uff0c\u628a\u5b83\u7f16\u8bd1\u6210select username from test where id = \u7528\u6237\u8f93\u5165\uff0c\u56e0\u6b64\u6574\u4e2a\u8bed\u53e5\u7684\u529f\u80fd\u5df2\u7ecf\u63d0\u524d\u5b9a\u6b7b\u4e86\uff0c\u5c31\u662f\u67e5\u8be2id = \u7528\u6237\u8f93\u5165\u7684username\uff0c\u4e0d\u518d\u4f1a\u50cf\u4e4b\u524d\u4e00\u6837\u9519\u8bef\u7406\u89e3\u6210\u67e5\u8be2id=1\u7684\u7528\u6237\u7136\u540e\u518d\u67e5\u8be2\u7248\u672c\uff0c\u5728\u6211\u770b\u6765\u9884\u7f16\u8bd1\u7684\u4f5c\u7528\uff0c\u5c31\u662f\u6d88\u9664\u4e86sql\u8bed\u53e5\u7684\u6b67\u4e49\u3002<\/p>\n\n\n\n
\u90a3\u4e48\u56de\u770b\u6700\u521d\u6211\u4eec\u63d0\u51fa\u7684\u7591\u95ee\uff0c\u9884\u7f16\u8bd1\u771f\u7684\u80fd\u5b8c\u7f8e\u9632\u5fa1sql\u6ce8\u5165\u5417\uff1f\u6709\u6ca1\u6709\u4ec0\u4e48\u5947\u6280\u6deb\u5de7\u80fd\u7ed5\u8fc7\u9884\u7f16\u8bd1\u8fdb\u884c\u6ce8\u5165\u5462\uff1f<\/p>\n\n\n\n
\u6709\u6b21\u5237\u5fae\u4fe1\u770b\u5230\u4e00\u7bc7\u6587\u7ae0\uff1a\u9884\u7f16\u8bd1\u771f\u7684\u80fd\u5b8c\u7f8e\u9632\u5fa1SQL\u6ce8\u5165\u5417\uff1f<\/a><\/p>\n\n\n\n
\u8fd9\u91cc\u9762\u63d0\u5230\u4e00\u4e2a\u5f88\u6709\u8da3\u7684\u70b9\u2014\u2014\u9884\u7f16\u8bd1\u662f\u5c06sql\u8bed\u53e5\u53c2\u6570\u5316\uff0c\u521a\u521a\u7684\u4f8b\u5b50\u4e2d where\u8bed\u53e5\u4e2d\u7684\u5185\u5bb9\u662f\u88ab\u53c2\u6570\u5316\u7684\u3002\u8fd9\u5c31\u662f\u8bf4\uff0c\u9884\u7f16\u8bd1\u4ec5\u4ec5\u53ea\u80fd\u9632\u5fa1\u4f4f\u53ef\u53c2\u6570\u5316\u4f4d\u7f6e\u7684sql\u6ce8\u5165\u3002\u90a3\u4e48\uff0c\u5bf9\u4e8e\u4e0d\u53ef\u53c2\u6570\u5316\u7684\u4f4d\u7f6e\uff0c\u9884\u7f16\u8bd1\u5c06\u6ca1\u6709\u4efb\u4f55\u529e\u6cd5\u3002<\/strong><\/p>\n\n\n\n
\u90a3\u4e48\u54ea\u4e9b\u662f\u4e0d\u53ef\u53c2\u6570\u5316\u7684\u4f4d\u7f6e\u5462\uff0c\u539f\u4f5c\u8005\u8bf4\uff1a<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u4e3a\u4e86\u7814\u7a76\u539f\u7406\uff0c\u6211\u627e\u5230\u4e86\u4e00\u7bc7\u6587\u7ae0\uff0c\u8fd9\u4e2a\u5e94\u8be5\u662f\u6700\u65e9\u63d0\u51faorder by\u540e\u6ca1\u6cd5\u53c2\u6570\u5316\u6240\u4ee5\u53ef\u4ee5\u88absql\u6ce8\u5165\u7684(\u5176\u4ed6\u6587\u7ae0\u90fd\u662f\u76f8\u4e92\u6284\uff0c\u6211\u4eec\u7b80\u4e2d\u662f\u8fd9\u6837\u7684)\u2014\u2014 SQL\u9884\u7f16\u8bd1\u4e2dorder by\u540e\u4e3a\u4ec0\u4e48\u4e0d\u80fd\u53c2\u6570\u5316\u539f\u56e0<\/a>\uff0c\u6587\u7ae0\u91cc\u662f\u8fd9\u4e48\u89e3\u91ca\u7684<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u5927\u6982\u5c31\u662f\u8bf4\uff0corder by\u540e\u9762\u7684\u5b57\u6bb5\u662f\u4e0d\u80fd\u52a0\u5f15\u53f7\u7684\uff0c\u800c\u9884\u7f16\u8bd1\u540e\u4f1a\u81ea\u52a8\u52a0\u4e0a\u5f15\u53f7\uff0c\u56e0\u4e3a\u8fd9\u4e2a\u77db\u76fe\u6240\u4ee5order by\u7684\u540e\u9762\u4e0d\u80fd\u8fdb\u884c\u9884\u7f16\u8bd1\u3002\u4e0d\u8fc7\u5f53\u65f6\u4ed6\u89e3\u91ca\u539f\u56e0\u662f\u56e0\u4e3a\u81ea\u52a8\u52a0\u5f15\u53f7\u7684setString()\u65b9\u6cd5\uff0c\u800c\u8fd9\u4e2a\u65b9\u6cd5\u4f3c\u4e4e\u53ea\u662fjava\u4e0b\u5b58\u5728\u7684\uff0c\u800c\u8fd9\u7bc7\u6587\u7ae0\u6211\u51c6\u5907\u4ece\u539f\u7406\u51fa\u53d1\u7814\u7a76\u7814\u7a76php\u4e0b\u7684\u6ce8\u5165\u53ef\u80fd(\u5176\u5b9e\u8fd9\u79cd\u601d\u8def\u4e0d\u540c\u8bed\u8a00\u662f\u5171\u901a\u7684)<\/p>\n\n\n\n
\u771f\u9884\u7f16\u8bd1\u4e0e\u5047\u9884\u7f16\u8bd1<\/h2>\n\n\n\n
\u56de\u5230\u6700\u521d\u7684\u95ee\u9898\u2014\u2014\u9884\u7f16\u8bd1\u771f\u7684\u80fd\u5b8c\u7f8e\u9632\u5fa1sql\u6ce8\u5165\u5417\uff1f\u6709\u6ca1\u6709\u4ec0\u4e48\u5947\u6280\u6deb\u5de7\u80fd\u7ed5\u8fc7\u9884\u7f16\u8bd1\u8fdb\u884c\u6ce8\u5165\u5462\uff1f<\/p>\n\n\n\n
\u9996\u5148\uff0c\u6211\u4eec\u5f00\u542f\u6570\u636e\u5e93\u7684\u65e5\u5fd7\u529f\u80fd\uff0c\u4ece\u6570\u636e\u5e93\u7684\u89d2\u5ea6\u770b\u770b\u9884\u7f16\u8bd1\u7a76\u7adf\u5bf9\u6211\u4eec\u7684sql\u8bed\u53e5\u505a\u4e86\u4ec0\u4e48\u5904\u7406\u3002<\/p>\n\n\n\n
show variables like 'general%';<\/code><\/pre>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
general_log\u663e\u793a\u7684\u662f\u662f\u5426\u5f00\u542f\u65e5\u5fd7\u529f\u80fd\uff0cgeneral_log_file\u663e\u793a\u7684\u662f\u65e5\u5fd7\u4f4d\u7f6e\u3002\u5982\u679c\u662foff\u7684\u8bdd\u53ef\u4ee5\u4f7f\u7528set GLOBAL general_log = 1;<\/code>\u5f00\u542f\u65e5\u5fd7\u529f\u80fd(\u5f97root)\uff0c\u53cd\u4e4b\u4f7f\u7528set GLOBAL general_log = 0;<\/code>\u5173\u95ed\u65e5\u5fd7\u3002<\/p>\n\n\n\n
\u4e8b\u5b9e\u4e0a\u6570\u636e\u5e93\u91cc\u6709\u4e24\u79cd\u9884\u7f16\u8bd1\uff0c\u4e00\u79cd\u79f0\u4f5c\u6a21\u62df\u9884\u7f16\u8bd1\uff0c\u53e6\u4e00\u79cd\u662f\u771f\u6b63\u7684\u9884\u7f16\u8bd1\uff0c\u9700\u8981\u683c\u5916\u8bbe\u7f6e\u3002(\u4ee5\u4e0b\u6d4b\u8bd5\u73af\u5883\u4e3aphp5.4.45+apache+mysql5.7.26\uff0c\u5bf9\u4e8e\u9884\u7f16\u8bd1\u6b63\u5e38\u7684\u5206\u6790\u4e0d\u540c\u73af\u5883\u5e94\u8be5\u5f71\u54cd\u4e0d\u5927\uff0c\u9700\u8981\u6ce8\u610f\u73af\u5883\u7684\u662f\u540e\u9762\u7ed5\u8fc7\u6ce8\u5165\u7684\u90e8\u5206)<\/p>\n\n\n\n
\u865a\u5047\u7684\u9884\u7f16\u8bd1<\/h3>\n\n\n\n
\u9ed8\u8ba4\u7684\uff0c\u6216\u8005\u8bf4\u73b0\u5728\u7f51\u4e0a\u4e00\u822c\u8bb2\u7684\u9884\u7f16\u8bd1\u662f\u8fd9\u4e48\u5199\u7684\uff1a<\/p>\n\n\n\n
<?php\n$username = $_POST['username'];\n\n$db = new PDO(\"mysql:host=localhost;dbname=test\", \"root\", \"root123\");\n\n$stmt = $db->prepare(\"SELECT password FROM test where username= :username\");\n\n$stmt->bindParam(':username', $username);\n\n$stmt->execute();\n\n$result = $stmt->fetchAll(PDO::FETCH_ASSOC);\n\nvar_dump($result);\n\n$db = null;\n\n?><\/code><\/pre>\n\n\n\n
\u6211\u4eecpost\u4e00\u4e2ausername=root<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u4e0d\u51fa\u610f\u5916\u7684\u67e5\u51fa\u4e86\u503c\uff0c\u6211\u4eec\u53bb\u65e5\u5fd7\u770b\u770b\u9884\u7f16\u8bd1\u5bf9\u6211\u4eec\u4f20\u5165\u7684\u503c\u505a\u4e86\u4ec0\u4e48\u5904\u7406\uff1a<\/p>\n\n\n\n
2023-10-22T12:59:55.149736Z\t    5 Connect\troot@localhost on test using TCP\/IP\n2023-10-22T12:59:55.149993Z\t    5 Query\tSELECT password FROM test where username= 'root'\n2023-10-22T12:59:55.150987Z\t    5 Quit<\/code><\/pre>\n\n\n\n
\u53ea\u6709connect query \u7136\u540e\u5c31quit\uff0c\u4f60\u53ef\u80fd\u4f1a\u5947\u602a\uff0c\u6211\u4eec\u4e0d\u662f\u7ed1\u5b9a\u4e86\u53c2\u6570\u7136\u540e\u9884\u7f16\u8bd1\u4e86\u5417\uff0c\u600e\u4e48\u611f\u89c9\u548c\u6b63\u5e38\u7684sql\u8bed\u53e5\u903b\u8f91\u5dee\u4e0d\u591a\u5462\uff0c\u6211\u4eec\u518dpost\u4e00\u4e2a’root’\u8bd5\u8bd5\uff1a<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u8fd9\u6b21\u7adf\u7136\u5565\u4e5f\u6ca1\u67e5\u51fa\u6765\uff0c\u5230\u5e95\u662f\u600e\u4e48\u56de\u4e8b!\u6211\u4eec\u53bb\u65e5\u5fd7\u770b\u770b\uff1a<\/p>\n\n\n\n
2023-10-22T13:12:13.619712Z\t    9 Connect\troot@localhost on test using TCP\/IP\n2023-10-22T13:12:13.619960Z\t    9 Query\tSELECT password FROM test where username= '\\'root\\''\n2023-10-22T13:12:13.620931Z\t    9 Quit\t<\/code><\/pre>\n\n\n\n
\u8fd9\u6b21\u4f60\u80af\u5b9a\u604d\u7136\u5927\u609f\u4e86\uff0c\u4e3a\u4ec0\u4e48\u9ed8\u8ba4\u7684\u9884\u7f16\u8bd1\u6a21\u5f0f\u6a21\u62df\u9884\u7f16\u8bd1\u88ab\u79f0\u4f5c\u865a\u5047\u7684\u9884\u7f16\u8bd1\uff0c\u56e0\u4e3a\u4ed6\u5728sql\u6267\u884c\u7684\u8fc7\u7a0b\u4e2d\u5176\u5b9e\u6839\u672c\u6ca1\u6709\u53c2\u6570\u7ed1\u5b9a\u3001\u9884\u7f16\u8bd1\u7684\u8fc7\u7a0b\uff0c\u672c\u8d28\u4e0a\u53ea\u662f\u5bf9\u7b26\u53f7\u505a\u4e86\u8fc7\u6ee4\uff0c\u6bd4\u5982\u5047\u5982\u6211\u4eec\u8f93\u5165\u6ce8\u5165\u8bed\u53e5root’ union select database()#\uff0c\u65e5\u5fd7\u91cc\u7684\u6570\u636e\u4e3a\uff1a<\/p>\n\n\n\n
2023-10-22T15:34:50.356115Z\t   11 Connect\troot@localhost on test using TCP\/IP\n2023-10-22T15:34:50.356353Z\t   11 Query\tSELECT password FROM test where username= 'root\\' union select database()#'\n2023-10-22T15:34:50.357303Z\t   11 Quit\t<\/code><\/pre>\n\n\n\n
\u90a3\u4e3a\u4ec0\u4e48\u5f00\u53d1\u8005\u8981\u505a\u4e00\u4e2a\u865a\u5047\u7684\u9884\u7f16\u8bd1\u5462\uff0c\u90a3\u662f\u56e0\u4e3a\u4e00\u4e2a\u53c2\u6570\u2014\u2014PDO::ATTR_EMULATE_PREPARES\uff0c\u8fd9\u4e2a\u9009\u9879\u7528\u6765\u914d\u7f6ePDO\u662f\u5426\u4f7f\u7528\u6a21\u62df\u9884\u7f16\u8bd1\uff0c\u9ed8\u8ba4\u662ftrue\uff0c\u56e0\u6b64\u9ed8\u8ba4\u60c5\u51b5\u4e0bPDO\u91c7\u7528\u7684\u662f\u6a21\u62df\u9884\u7f16\u8bd1\u6a21\u5f0f\uff0c\u8bbe\u7f6e\u6210false\u4ee5\u540e\uff0c\u624d\u4f1a\u4f7f\u7528\u771f\u6b63\u7684\u9884\u7f16\u8bd1\u3002\u5f00\u542f\u8fd9\u4e2a\u9009\u9879\u4e3b\u8981\u662f\u7528\u6765\u517c\u5bb9\u90e8\u5206\u4e0d\u652f\u6301\u9884\u7f16\u8bd1\u7684\u6570\u636e\u5e93(\u5982sqllite\u4e0e\u4f4e\u7248\u672cMySQL)\uff0c\u5bf9\u4e8e\u6a21\u62df\u9884\u7f16\u8bd1\uff0c\u4f1a\u7531\u5ba2\u6237\u7aef\u7a0b\u5e8f\u5185\u90e8\u53c2\u6570\u7ed1\u5b9a\u8fd9\u4e00\u8fc7\u7a0b(\u800c\u4e0d\u662f\u6570\u636e\u5e93)\uff0c\u5185\u90e8prepare\u4e4b\u540e\u518d\u5c06\u62fc\u63a5\u7684sql\u8bed\u53e5\u53d1\u7ed9\u6570\u636e\u5e93\u6267\u884c\u3002<\/p>\n\n\n\n
\u771f\u6b63\u7684\u9884\u7f16\u8bd1<\/h3>\n\n\n\n
\u6211\u4eec\u5728\u539f\u5148\u7684\u4ee3\u7801\u4e0a\u628aATTR_EMULATE_PREPARES\u8bbe\u4e3afalse\u53d6\u6d88\u6a21\u62df\u9884\u7f16\u8bd1<\/p>\n\n\n\n
<?php\n$username = $_POST['username'];\n\n$db = new PDO(\"mysql:host=localhost;dbname=test\", \"root\", \"root123\");\n$db -> setAttribute(PDO::ATTR_EMULATE_PREPARES, false);\n\n$stmt = $db->prepare(\"SELECT password FROM test where username= :username\");\n\n$stmt->bindParam(':username', $username);\n\n$stmt->execute();\n\n$result = $stmt->fetchAll(PDO::FETCH_ASSOC);\n\nvar_dump($result);\n\n$db = null;\n\n?><\/code><\/pre>\n\n\n\n
\u6211\u4eecpost\u4e00\u4e2ausername=root<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
\u770b\u770b\u65e5\u5fd7<\/p>\n\n\n\n
\"\"\/<\/div><\/figure>\n\n\n\n
231018 23:51:17\t   61 Connect\troot@localhost on test\n\t\t   61 Prepare\tSELECT password FROM test where username= ?\n\t\t   61 Execute\tSELECT password FROM test where username= 'root'<\/code><\/pre>\n\n\n\n
\u8fd9\u65f6\u6570\u636e\u5e93\u4e2d\u6267\u884c\u7684\u987a\u5e8f\u53d8\u6210\u4e86\uff1a\u5148\u8fde\u63a5\uff0c\u7136\u540e\u51c6\u5907\u8bed\u53e5\uff0c\u7528\u95ee\u53f7?\u5360\u4f4d\uff0c\u63a5\u7740\u7528\u8f93\u5165\u66ff\u6362\u95ee\u53f7?\u6267\u884c\u8bed\u53e5\uff0c\u4e13\u4e1a\u70b9\u7684\u8bf4\u6cd5\u53eb\u505a\uff1a<\/p>\n\n\n\n
    \n
  1. \u5efa\u7acb\u8fde\u63a5\uff1b<\/li>\n\n\n\n
  2. \u6784\u5efa\u8bed\u6cd5\u6811\uff1b<\/li>\n\n\n\n
  3. \u6267\u884c<\/li>\n<\/ol>\n\n\n\n
    \u8fd9\u4e5f\u662f\u4e3a\u4ec0\u4e48\u6211\u4eec\u4e4b\u524d\u8bf4\u7684\uff0c\u9884\u7f16\u8bd1\u7684\u4f5c\u7528\u662f\u8ba9\u6574\u4e2a\u8bed\u53e5\u7684\u529f\u80fd\u5df2\u7ecf\u63d0\u524d\u5b9a\u6b7b\uff0c\u6d88\u9664\u4e86sql\u8bed\u53e5\u7684\u6b67\u4e49\u3002\u5f53\u6211\u4eec\u8f93\u5165username= ‘root’\u540c\u6837\u4f1a\u6ca1\u6709\u4efb\u4f55\u8f93\u51fa<\/p>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \u6211\u4eec\u770b\u4e00\u4e0b\u6570\u636e\u5e93\u7684\u65e5\u5fd7\uff1a<\/p>\n\n\n\n
    2023-10-22T15:49:30.089718Z\t   24 Connect\troot@localhost on test using TCP\/IP\n2023-10-22T15:49:30.089986Z\t   24 Prepare\tSELECT password FROM test where username= ?\n2023-10-22T15:49:30.090041Z\t   24 Execute\tSELECT password FROM test where username= '\\'root\\''<\/code><\/pre>\n\n\n\n
    \u8fd9\u65f6\u6211\u4eec\u518d\u8f93\u5165\u6ce8\u5165\u8bed\u53e5root' union select database()#<\/code><\/p>\n\n\n\n
    2023-10-22T15:43:23.500819Z\t   17 Connect\troot@localhost on test using TCP\/IP\n2023-10-22T15:43:23.502097Z\t   17 Prepare\tSELECT password FROM test where username= ?\n2023-10-22T15:43:23.502165Z\t   17 Execute\tSELECT password FROM test where username= 'root\\' union select database()#'\n2023-10-22T15:43:23.502600Z\t   17 Close stmt\t\n2023-10-22T15:43:23.502627Z\t   17 Quit\t<\/code><\/pre>\n\n\n\n
    \u5206\u6790\u9884\u7f16\u8bd1\u7684\u539f\u7406\u5176\u5b9e\u53ef\u4ee5\u53d1\u73b0\uff0c\u9884\u7f16\u8bd1\u5176\u5b9e\u662f\u4e3a\u4e86\u63d0\u9ad8MySQL\u7684\u8fd0\u884c\u6548\u7387\u800c\u8bde\u751f(\u800c\u4e0d\u662f\u4e3a\u4e86\u9632\u6b62sql\u6ce8\u5165)\uff0c\u56e0\u4e3a\u5b83\u53ef\u4ee5\u5148\u6784\u5efa\u8bed\u6cd5\u6811\u7136\u540e\u5e26\u5165\u67e5\u8be2\u53c2\u6570\uff0c\u907f\u514d\u4e86\u4e00\u6b21\u6267\u884c\u4e00\u6b21\u6784\u5efa\u8bed\u6cd5\u6811\u7684\u7e41\u7410\uff0c\u5bf9\u4e8e\u6570\u636e\u91cf\u4ee5\u53ca\u67e5\u8be2\u91cf\u8f83\u5927\u7684\u6570\u636e\u5e93\u80fd\u6781\u5927\u63d0\u9ad8\u8fd0\u884c\u6548\u7387\u3002\u4ece\u539f\u7406\u51fa\u53d1\uff0c\u53ef\u4ee5\u770b\u51fa\u6765\u6709\u4e9b\u65b9\u9762\u9884\u7f16\u8bd1\u5e76\u4e0d\u80fd\u5b8c\u5168\u963b\u6b62\u9884\u7f16\u8bd1\u3002<\/p>\n\n\n\n
    \u9884\u7f16\u8bd1\u4e0b\u7684sql\u6ce8\u5165\u70b9<\/h2>\n\n\n\n
    \u5bbd\u5b57\u8282(2025\/4\/11\u66f4\u65b0 \u7ecf\u8fc7\u6631\u5b50\u7684\u6307\u6b63\u4fee\u6539\u4e86\u4ee3\u7801\uff0c\u73b0\u5728\u80fd\u590d\u73b0\u6210\u529f\u4e86)<\/h3>\n\n\n\n
    \u5bbd\u5b57\u8282\u6ce8\u5165\u51fa\u73b0\u7684\u672c\u8d28\u5c31\u662f\u56e0\u4e3a\u6570\u636e\u5e93\u7684\u7f16\u7801\u4e0e\u4ee3\u7801\u7684\u7f16\u7801\u4e0d\u540c\uff0c\u5bfc\u81f4\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u8f93\u5165\u7cbe\u5fc3\u6784\u9020\u7684\u6570\u636e\u901a\u8fc7\u7f16\u7801\u8f6c\u6362\u541e\u6389\u8f6c\u4e49\u5b57\u7b26\u3002<\/p>\n\n\n\n
    \u770b\u6211\u4eec\u521a\u521asql\u8bed\u53e5\u7684\u6267\u884c\u65e5\u5fd7\u53ef\u4ee5\u53d1\u73b0\u5bf9\u4e8e\u6a21\u62df\u9884\u7f16\u8bd1\u7406\u8bba\u4e0a\u662f\u5b58\u5728\u5bbd\u5b57\u8282\u6ce8\u5165\u7684\uff0c\u56e0\u4e3a\u5b83\u53ea\u662f\u672c\u5730\u5bf9\u6267\u884c\u7684sql\u8bed\u53e5\u8fdb\u884c\u4e00\u6b21\u6a21\u62df\u7684\u9884\u7f16\u8bd1\u7136\u540e\u5c31\u628a\u8bed\u53e5\u53d1\u7ed9\u6570\u636e\u5e93\u6267\u884c\u53bb\u4e86\uff0c\u800c\u4e14\u53ea\u662f\u4f7f\u7528\u4e86\\\u6765\u8fdb\u884c\u8f6c\u4e49\uff0c\u5982\u679c\u6211\u4eec\u80fd\u6709\u4ec0\u4e48\u529e\u6cd5\u541e\u6389\u8fd9\u4e2a\\\uff0c\u90a3\u662f\u4e0d\u662f\u6211\u4eec\u5c31\u53ef\u4ee5\u6267\u884c\u6076\u610f\u7684sql\u8bed\u53e5\u4e86\u5462<\/p>\n\n\n\n
    \u6d4b\u8bd5\u73af\u5883\uff1aphp5.3.29+apache2.4.39+mysql5.7.26<\/p>\n\n\n\n
    <?php\n$username = $_POST['username'];\n\n$db = new PDO(\"mysql:host=localhost;dbname=test\", \"root\", \"root\");\n\n$db->query('SET NAMES GBK');\n\n$stmt = $db->prepare(\"SELECT password FROM test where username= :username\");\n\n$stmt->bindParam(':username', $username);\n\n$stmt->execute();\n\n$result = $stmt->fetchAll(PDO::FETCH_ASSOC);\n\nvar_dump($result);\n\n$db = null;\n<\/code><\/pre>\n\n\n\n
    \u5f53\u6211\u4eecpost<\/p>\n\n\n\n
    username=1%df%27%20union%20select%20version();#<\/code><\/pre>\n\n\n\n
    \u67e5\u770b\u65e5\u5fd7\uff1a<\/p>\n\n\n\n
    2025-04-11T07:21:36.018243Z\t   45 Connect\troot@localhost on test using TCP\/IP\n2025-04-11T07:21:36.018351Z\t   45 Query\tset character_set_client=gbk\n2025-04-11T07:21:36.018436Z\t   45 Query\tSELECT password FROM test where username= '1\u00df\\' union select version();\n2025-04-11T07:21:36.018640Z\t   45 Query\t#'\n2025-04-11T07:21:36.018858Z\t   45 Quit\t<\/code><\/pre>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \u8fd9\u91cc\u770b\u8d77\u6765\u8fd8\u662f\u6bd4\u8f83\u5947\u602a\u7684\uff0c\u6211\u4eec\u7528tcp.port == 3306\u8fc7\u6ee4\u4e00\u4e0b\uff0c\u7136\u540e\u6293\u4e00\u4e0b\u6d41\u91cf\uff1a<\/p>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \u63a5\u7740\u6570\u636e\u5e93\u6b63\u786e\u7684\u8fd4\u56de\u4e86\u503c\uff1a<\/p>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \u8fd9\u91cc\u731c\u731c\u4e3a\u4ec0\u4e48\u771f\u7f16\u8bd1\u662f\u4e0d\u80fd\u541e\u6389\\\u6267\u884c\u6076\u610f\u8bed\u53e5\u5462\uff0c\u662f\u56e0\u4e3a\u63d0\u524d\u7ed1\u5b9a\u53c2\u6570\u4e86\u5417\uff1f\u56e0\u4e3a\u5f53\u6211\u4eec\u8bbe\u7f6e\u7f16\u7801\u4e4b\u540e\uff0c\u65e5\u5fd7\u91cc\u67e5\u8be2\u53c2\u6570\u90fd\u88abhex\u4e86\uff1a<\/p>\n\n\n\n
    2023-10-26T01:20:47.891775Z\t   23 Prepare\tSELECT password FROM test where username= ?\n2023-10-26T01:20:47.891842Z\t   23 Execute\tSELECT password FROM test where username= 0x31DF2720756E696F6E2073656C65637420646174616261736528293B23\n2023-10-26T01:20:47.892337Z\t   23 Close stmt\t\n2023-10-26T01:20:47.892379Z\t   23 Quit\t<\/code><\/pre>\n\n\n\n
    \u56e0\u6b64\u76f8\u6bd4\u4e8e\u6a21\u62df\u9884\u7f16\u8bd1\uff0c\u771f\u7f16\u8bd1\u7684\u5b89\u5168\u6027\u5927\u7684\u591a\uff0c\u73b0\u5728\u53ef\u80fd\u7684\u51e0\u79cd\u9488\u5bf9\u9884\u7f16\u8bd1\u7684\u6ce8\u5165\u65b9\u6cd5\u4e5f\u90fd\u662f\u5728\u6a21\u62df\u9884\u7f16\u8bd1\u4e0b\u5b9e\u73b0\u7684\u3002<\/p>\n\n\n\n
    \u6ca1\u6709\u53c2\u6570\u7ed1\u5b9a<\/h3>\n\n\n\n
    \u6ca1\u6709\u53c2\u6570\u7ed1\u5b9a\u7684\u9884\u7f16\u8bd1\u7b49\u4e8e\u6ca1\u6709\u9884\u7f16\u8bd1<\/strong>\uff0c\u65e0\u8bba\u662f\u771f\u7f16\u8bd1\u8fd8\u662f\u6a21\u62df\u9884\u7f16\u8bd1\uff0c\u6ca1\u6709\u53c2\u6570\u7ed1\u5b9a\u7b49\u4e8e\u6ca1\u7f16\u8bd1\uff0c\u5e76\u4e14\u7531\u4e8epdo\u9ed8\u8ba4\u652f\u6301\u5806\u53e0\u6ce8\u5165\uff0c\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u5806\u53e0\u6ce8\u5165\u5148\u63d2\u5165\u503c\u7136\u540e\u67e5\u8be2\u63d2\u5165\u7684\u503c\u83b7\u53d6\u8f93\u51fa\u7ed3\u679c\u3002<\/p>\n\n\n\n
    <?php\n$id = $_POST['id'];\n\n$dbs = \"mysql:host=localhost;dbname=test\";\n$dbname = \"root\";\n$passwd = \"root123\";\n\n$conn = new PDO($dbs, $dbname, $passwd);\n\n# \u9884\u5904\u7406\u8bed\u53e5\n$stmt = $conn->prepare(\"SELECT * FROM test where id= $id\");\n$conn -> setAttribute(PDO::ATTR_EMULATE_PREPARES, false);\n$stmt->execute();\n$result = $stmt->fetchAll(PDO::FETCH_ASSOC);\n\nvar_dump($result);\n\n$conn=null; # \u5173\u95ed\u94fe\u63a5\n?><\/code><\/pre>\n\n\n\n
    \u6211\u4eec\u53ef\u4ee5post\u4e00\u4e2a<\/p>\n\n\n\n
    id=1;insert into test(id,username,password) values(114514,database(),user())<\/code><\/pre>\n\n\n\n
    \u63a5\u7740post id=114514<\/p>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \u53ef\u4ee5\u770b\u5230\u6211\u4eec\u6210\u529f\u83b7\u53d6\u4e86database()\u4ee5\u53causer()\u7684\u8f93\u51fa\u7ed3\u679c\uff0c\u67e5\u770b\u65e5\u5fd7\uff0c\u53ef\u4ee5\u53d1\u73b0\u6570\u636e\u5e93\u6267\u884c\u4e86\u4e24\u6761\u8bed\u53e5<\/p>\n\n\n\n
    2023-10-27T01:06:09.232609Z\t  173 Connect\troot@localhost on test using TCP\/IP\n2023-10-27T01:06:09.232961Z\t  173 Query\tSELECT * FROM test where id= 1;\n2023-10-27T01:06:09.233159Z\t  173 Query\tinsert into test(id,username,password) values(114514,database(),user())\n2023-10-27T01:06:09.233581Z\t  173 Quit\t<\/code><\/pre>\n\n\n\n
    \u65e0\u6cd5\u9884\u7f16\u8bd1\u7684\u4f4d\u7f6e<\/h3>\n\n\n\n
    \u4e4b\u524d\u5176\u5b9e\u63d0\u5230\u8fc7\uff0corder by\u7684\u540e\u9762\u662f\u6ca1\u6cd5\u9884\u7f16\u8bd1\u7684\uff0c\u56e0\u6b64\u9047\u5230\u53ef\u63a7\u6392\u5e8f\u529f\u80fd\u4e00\u822c\u4e00\u6ce8\u4e00\u4e2a\u51c6\uff0c\u6211\u4eec\u6765\u901a\u8fc7\u65e5\u5fd7\u7814\u7a76\u4e00\u4e0b\u8fd9\u5230\u5e95\u662f\u4e3a\u4ec0\u4e48<\/p>\n\n\n\n
    <?php\n$col = $_POST['col'];\n\n$dbs = \"mysql:host=localhost;dbname=test\";\n$dbname = \"root\";\n$passwd = \"root123\";\n\n$conn = new PDO($dbs, $dbname, $passwd);\n$conn -> setAttribute(PDO::ATTR_EMULATE_PREPARES, false);\n\n# \u9884\u5904\u7406\u8bed\u53e5\n$stmt = $conn->prepare(\"SELECT * FROM test order by :col\");\n\n$stmt->bindParam(':col', $col);\n$stmt->execute();\n$result = $stmt->fetchAll(PDO::FETCH_ASSOC);\n\nvar_dump($result);\n\n$conn=null; # \u5173\u95ed\u94fe\u63a5\n?><\/code><\/pre>\n\n\n\n
    \u5047\u5982\u6211\u4eec\u60f3\u6309\u7167password\u8fdb\u884c\u6392\u5e8f\uff0cpost\u4e00\u4e2acol=password<\/p>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \u4f60\u53ef\u80fd\u89c9\u5f97\u6ca1\u4ec0\u4e48\u95ee\u9898\uff0c\u6211\u4eec\u53bb\u65e5\u5fd7\u770b\u770b<\/p>\n\n\n\n
    2023-10-27T01:23:43.100087Z\t  187 Connect\troot@localhost on test using TCP\/IP\n2023-10-27T01:23:43.100579Z\t  187 Query\tSELECT * FROM test order by 'password'\n2023-10-27T01:23:43.101405Z\t  187 Quit\t<\/code><\/pre>\n\n\n\n
    \u53ef\u4ee5\u770b\u5230\u5b83\u81ea\u52a8\u7ed9\u6211\u4eec\u4f20\u5165\u7684\u503cpassword\u7684\u52a0\u4e86\u5f15\u53f7\uff0c\u7136\u800c\u8fd9\u5176\u5b9e\u662f\u4e0e\u6211\u4eec\u7684\u76ee\u6807\u80cc\u9053\u800c\u9a70\u7684\uff1a<\/p>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    order by\u5728\u5e95\u5c42\u67e5\u8be2\u8fc7\u7a0b\u4e2d\u662f\u76f4\u63a5\u628aorder by\u540e\u9762\u8fd9\u4e2a\u503c\u8fdb\u884c\u5229\u7528\u7136\u540e\u6392\u5e8f\uff0c\u5982\u679c\u52a0\u4e0a\u5f15\u53f7\u7684\u8bdd\u6570\u636e\u5e93\u4f1a\u7d22\u5f15\u5931\u8d25\uff0c\u67e5\u8be2\u7ed3\u679c\u5176\u5b9e\u7b49\u540c\u4e8eorder by NULL\u6216\u8005order by TRUE\uff0c\u672c\u8d28\u4e0a\u662f\u4e00\u6761\u4e0d\u5408\u6cd5\u7684\u8bf7\u6c42\u3002\u56e0\u6b64\u65e0\u8bba\u662forder by\u8fd8\u662fgroup by\uff0c\u4ed6\u4eec\u540e\u9762\u7684\u53c2\u6570\u90fd\u662f\u4e0d\u80fd\u5e26\u5f15\u53f7\u7684\uff0c\u800c\u9884\u7f16\u8bd1\u4e2d\u53c2\u6570\u7ed1\u5b9a\u7684\u8fc7\u7a0b\u4f1a\u81ea\u52a8\u7ed9\u5b83\u4eec\u5e26\u4e0a\u5f15\u53f7\uff0c\u8fd9\u5c31\u5bfc\u81f4\u8fd9\u4e9b\u4f4d\u7f6e\u4e0a\u7684\u53c2\u6570\u662f\u4e0d\u80fd\u88ab\u9884\u7f16\u8bd1\u7684\uff0c\u56e0\u4e3a\u5b83\u7684\u6267\u884c\u7ed3\u679c\u662f\u9519\u8bef\u7684\u3002\u6240\u4ee5\u6e17\u900f\u7684\u65f6\u5019\u9047\u5230\u7591\u4f3c\u6392\u5e8f\u7684\u529f\u80fd\u6211\u4eec\u53ef\u4ee5\u5927\u80c6\u7684\u53bb\u5c1d\u8bd5sql\u6ce8\u5165\uff0c\u4e00\u822c\u90fd\u80fd\u6210\u529f\u3002<\/p>\n\n\n\n
    \u8fd9\u91cc\u4e5f\u8865\u5145\u4e00\u4e0border by\u540e\u9762\u4ee5\u53cagroup by \u540e\u9762\u600e\u4e48\u6ce8\u5165\uff0c\u6709\u62a5\u9519\u56de\u663e\u7684\u76f4\u63a5\u62a5\u9519\u6ce8\u5165\u5c31\u884c\u4e86\uff0c\u8fd9\u4e2a\u7b80\u5355\uff0c\u6ca1\u6709\u62a5\u9519\u7684\u8bdd\u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u6784\u9020\u5e03\u5c14\u6761\u4ef6\u8fdb\u884c\u6ce8\u5165\uff1a<\/p>\n\n\n\n
    \"\"<\/div><\/figure>\n\n\n\n
    \"\"<\/div><\/figure>\n\n\n\n
    \u53ef\u4ee5\u770b\u5230\u968frand()\u4e2d\u503c\u771f\u5047\u7684\u4e0d\u540c\uff0c\u6392\u5e8f\u51fa\u6765\u7684\u7ed3\u679c\u4e5f\u662f\u4e0d\u540c\u7684\uff0c\u56e0\u6b64\u53ef\u4ee5\u901a\u8fc7\u8fd9\u4e2a\u7279\u5f81\u8fdb\u884c\u5e03\u5c14\u6ce8\u5165\uff0c\u6bd4\u5982\u8f93\u5165rand(ascii(mid((select database()),1,1))>96)\uff0c\u5982\u679c\u6210\u7acb\u548c\u4e0d\u6210\u7acb\u8f93\u51fa\u7ed3\u679c\u663e\u7136\u662f\u4e0d\u540c\u7684\uff0c\u5982\u679c\u6211\u4eec\u6210\u529f\u6ce8\u5165\uff0c\u8f93\u51fa\u5e94\u8be5\u662froot dingzhen admin\u7684\u987a\u5e8f<\/p>\n\n\n\n
    \"\"<\/div><\/figure>\n\n\n\n
    \u901a\u8fc7\u8fd9\u79cd\u65b9\u6cd5\u6211\u4eec\u5c31\u53ef\u4ee5\u76f2\u6ce8\u51fa\u60f3\u8981\u7684\u6570\u636e\u3002<\/p>\n\n\n\n
    \u4ece\u8fd9\u4e2a\u601d\u8def\u6211\u4eec\u5176\u5b9e\u5c31\u4e0d\u96be\u7406\u89e3\u4e3a\u4ec0\u4e48\u6709\u4e9b\u4f4d\u7f6e\u4e0d\u80fd\u88ab\u9884\u7f16\u8bd1\uff0c\u9664\u4e86order by\u548cgroup by\u8fd8\u6709\u5417\uff1f\u5f53\u7136\u6709\uff0c\u53ea\u8981\u662f\u52a0\u4e86\u5f15\u53f7\u4f1a\u5bfc\u81f4\u8bed\u53e5\u6267\u884c\u7ed3\u679c\u9519\u8bef\u7684\u4f4d\u7f6e\u90fd\u662f\u4e0d\u884c\u7684\uff1a<\/p>\n\n\n\n
    \u8868\u540d\uff1a<\/strong><\/p>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \u5217\u540d\uff1a<\/strong><\/p>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    limit:<\/strong><\/p>\n\n\n\n
    \"\"<\/div><\/figure>\n\n\n\n
    join:<\/strong><\/p>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \"\"\/<\/div><\/figure>\n\n\n\n
    \u603b\u800c\u8a00\u4e4b\u5c31\u4e00\u4e2a\u601d\u8def\uff0c\u4e0d\u80fd\u52a0\u5f15\u53f7\u7684\u4f4d\u7f6e\u5c31\u4e0d\u80fd\u9884\u7f16\u8bd1\u3002\u8fd9\u91cc\u6211\u4eec\u5c31\u53ef\u4ee5\u770b\u51fa\u9884\u7f16\u8bd1\u5f88\u660e\u663e\u7684\u7f3a\u9677\uff0c\u5f53\u7136\uff0c\u6211\u4eec\u4e5f\u4e0d\u80fd\u9519\u602a\u9884\u7f16\u8bd1\u7684\u8bbe\u8ba1\u8005\u4eec\uff0c\u56e0\u4e3a\u8fd9\u73a9\u610f\u513f\u672c\u6765\u8bbe\u8ba1\u4e4b\u521d\u5c31\u4e0d\u662f\u7ed9\u4f60\u9632\u6ce8\u5165\uff0c\u662f\u7528\u6765\u5728\u5927\u6279\u91cf\u67e5\u8be2\u65f6\u51cf\u5c11\u8bed\u6cd5\u6811\u6784\u9020\u7684\uff0c\u56e0\u6b64\u51fa\u73b0\u5dee\u9519\u4e5f\u662f\u53ef\u4ee5\u7406\u89e3\u7684\uff0c\u5f53\u7136\u8fd9\u79cd\u5dee\u9519\u5c31\u7ed9\u4e86\u9ed1\u5ba2\u53ef\u4e58\u4e4b\u673a\u3002<\/p>\n\n\n\n
    \u8fd9\u91cc\u518d\u5f15\u7533\u4e00\u4e0b\uff0c\u5bf9\u4e8eorder by\u3001ground by\u8fd9\u79cd\u65e0\u6cd5\u8fdb\u884c\u9884\u7f16\u8bd1\u7684\u573a\u666f\u6211\u4eec\u8be5\u600e\u4e48\u9632\u5fa1\u5462\uff0c\u6bd4\u5982Mybaits\u5fc5\u987b\u4f7f\u7528${}order by\u53c2\u6570\uff0c\u53ef\u901a\u8fc7\u767d\u540d\u5355\u601d\u8def\u5bf9\u4f20\u5165\u7684\u53c2\u6570\u8fdb\u884c\u5224\u65ad\uff0c\u6216\u8005\u4f7f\u7528\u95f4\u63a5\u5bf9\u8c61\u5f15\u7528\uff0c\u524d\u7aef\u4f20\u9012\u5f15\u7528\u6570\u5b57\u7b49\uff0c\u7528\u4e8e\u4e0e\u540e\u7aef\u6392\u5e8f\u53c2\u6570\u505a\u6570\u7ec4\u6620\u5c04\uff0c\u907f\u514d\u524d\u7aef\u76f4\u63a5\u4f20\u5165order by\u53c2\u6570\u9020\u6210sql\u6ce8\u5165\u3002<\/p>\n\n\n\n
    \u6bd4\u5982\u6211\u4eec\u60f3\u6267\u884cselect xx order by name\uff0c\u90a3\u4e48\u524d\u7aef\u5c31\u4e0d\u8981\u4f20\u5165name\u8fd9\u4e2a\u503c\uff0c\u800c\u662f\u6570\u5b57\u6bd4\u59821\uff0c\u7136\u540e\u5728\u540e\u7aef\u5c061\u4e0e\u771f\u6b63\u60f3\u67e5\u8be2\u7684\u53c2\u6570name\u8fdb\u884c\u5bf9\u5e94\uff0c\u7136\u540e\u518d\u6267\u884csql\u8bed\u53e5\u3002\u6bd4\u5982\u6620\u5c04\u8868\u4e3a1->name\uff0c2->age\uff0c3->gender\uff0c\u60f3\u8981\u67e5\u8be2order by name\u3001age\u3001gender\u7684\u7ed3\u679c\u524d\u7aef\u53ea\u7528\u4f20\u51651\u30012\u30013\u5373\u53ef\uff0c\u901a\u8fc7\u9632\u6b62\u76f4\u63a5\u6267\u884c\u7528\u6237\u4f20\u5165\u7684\u503c\u6765\u4ece\u6839\u672c\u4e0a\u9632\u6b62sql\u6ce8\u5165\u7684\u4ea7\u751f\u3002(order by\u540e\u7684\u6ce8\u5165\u5728\u6211\u5b9e\u4e60\u671f\u95f4\u5728xhs\u771f\u5b9e\u51fa\u73b0\u8fc7\uff0c\u5f53\u65f6\u7684\u89e3\u51b3\u529e\u6cd5\u5c31\u662f\u95f4\u63a5\u5f15\u7528)<\/p>\n","protected":false},"excerpt":{"rendered":"
    \u521a\u5b66web\u5b89\u5168\u7684\u65f6\u5019\u5b66\u5230sql\u6ce8\u5165\u9632\u5fa1\uff0c\u90a3\u4e9b\u6587\u7ae0\u57fa\u672c\u4e0a\u90fd\u4f1a\u8bf4\u5229\u7528pdo\u9884\u7f16\u8bd1\u5c31\u53ef\u4ee5\u8fd1\u4e4e\u5b8c\u7f8e\u9632\u5fa1sql\u6ce8\u5165\uff0c\u6216\u8005 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2602","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts\/2602","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/comments?post=2602"}],"version-history":[{"count":38,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts\/2602\/revisions"}],"predecessor-version":[{"id":3503,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/posts\/2602\/revisions\/3503"}],"wp:attachment":[{"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/media?parent=2602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/categories?post=2602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fushuling.com\/index.php\/wp-json\/wp\/v2\/tags?post=2602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}