#ql在sql中意味着什么?
[英]What does # mean in sql?
问题描述
有没有人知道在mysql注入的上下文中, OR 1#是什么意思?
2 个解决方案
解决方案1
39 已采纳 2010-11-29 03:42:11
It is MySQL's version of the line comment delimiter. 
这是MySQL的行注释分隔符的版本。 In standard SQL, the line comment delimiter is -- . 在标准SQL中,行注释分隔符为-- 。
-- This is a standard SQL comment.
# This is a MySQL comment.
So in the context of SQL injection, if the attacker knows you're using MySQL he may use it to abruptly terminate the malicious SQL statement, causing MySQL to ignore whatever is behind the # and execute only the stuff that comes before it. 因此,在SQL注入的上下文中,如果攻击者知道您正在使用MySQL,他可能会使用它突然终止恶意SQL语句,导致MySQL忽略#背后的任何内容并仅执行之前的内容。 This is only effective against single-line SQL statements, however. 但是,这仅对单行SQL语句有效。 Here's an example: 这是一个例子:
Input: 输入:
Username:
fake' OR 1#fake' OR 1#
Password:passpass
Resultant SQL: 结果SQL:
SELECT * FROM users WHERE username = 'fake' OR 1#' AND password = 'pass'
Which is executed as this, which returns every row : 这是执行的,返回每一行 :
SELECT * FROM users WHERE username = 'fake' OR 1
解决方案2
1 2010-11-29 03:42:56
This is the start of a comment. 这是评论的开始。 It means that anything after that will be skipped by the parser. 这意味着解析器将跳过之后的任何内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.