sql注入学习(一)-各个数据库抛出异常介绍

96
望月成三人
2016.09.09 16:34* 字数 87

网络请求和数据库查询关系

比如打开一个网址:http://host/getuser?id=23
或许数据库查询方式:

select * from table_name where id=23

select * from table_name where id='23'

select * from table_name where id="23"

select * from table_name where id=(23)

select * from table_name where id=('23')

select * from table_name where id=("23")

常见的一些各个数据库的抛出异常总结

  • MySQL Error Style:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
  • MSSQL ASPX Error:
Server Error in '/' Application
  • MSAccess (Apache PHP):
Fatal error: Uncaught exception 'com_exception' with message Source: Microsoft JET Database Engine
  • MSAccesss (IIS ASP):
Microsoft JET Database Engine error '80040e14'
  • Oracle Error:
ORA-00933: SQL command not properly ended
  • ODBC Error:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
  • PostgreSQL Error:
PSQLException: ERROR: unterminated quoted string at or near "'" Position: 1
or
Query failed: ERROR: syntax error at or near
"'" at character 56 in /www/site/test.php on line 121.
  • MS SQL Server: Error:
Microsoft SQL Native Client error %u201880040e14%u2019
Unclosed quotation mark after the character string
安全测试