为什么这个 MySQL 查询溢出到下一行
Why does this MySQL query spill over to the next line
输入将来自 Web 表单,我正在尝试通过表单进行 SQL 注入。在密码字段中,我试图用单引号来查看在后端调用了哪种错误。我 运行 在后端手动执行相同的查询 -
mysql> UPDATE users SET password = ''' WHERE username='admin';
我知道单引号不匹配,但我只想看看查询在后端的表现如何。
但是查询不会立即 运行。它溢出到下一行,就好像它在等待更多的输入。
mysql> UPDATE users SET password = ''' WHERE username='admin';
'> ';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'admin';
'' at line 1
为什么会溢出到第二行?为什么它不能直接说接近 "syntax error near password"
的东西
尝试添加一个转义字符:\'
mysql> UPDATE users SET password = '\'' WHERE username='admin';
MySQL 允许写一个 literal ' within a string literal quoted with ' 连续两个 '':
There are several ways to include quote characters within a string:
- A “
'” inside a string quoted with “'” may be written as “''”.
[…]
所以紧跟在开头 ' 之后的 '' 被解释为单个文字 '.
输入将来自 Web 表单,我正在尝试通过表单进行 SQL 注入。在密码字段中,我试图用单引号来查看在后端调用了哪种错误。我 运行 在后端手动执行相同的查询 -
mysql> UPDATE users SET password = ''' WHERE username='admin';
我知道单引号不匹配,但我只想看看查询在后端的表现如何。
但是查询不会立即 运行。它溢出到下一行,就好像它在等待更多的输入。
mysql> UPDATE users SET password = ''' WHERE username='admin';
'> ';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'admin';
'' at line 1
为什么会溢出到第二行?为什么它不能直接说接近 "syntax error near password"
的东西尝试添加一个转义字符:\'
mysql> UPDATE users SET password = '\'' WHERE username='admin';
MySQL 允许写一个 literal ' within a string literal quoted with ' 连续两个 '':
There are several ways to include quote characters within a string:
- A “
'” inside a string quoted with “'” may be written as “''”.[…]
所以紧跟在开头 ' 之后的 '' 被解释为单个文字 '.