mysql注入錯誤1064

我想在此聲明中注入sql union聲明。mysql注入錯誤1064

select id, email, `password` from users 
where id = 1 union select 1,2,3; 
order by users.id

但它返回一個錯誤：

[Err] 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by users.id' at line 1

我怎麼能得到這個說法的工作？

來源

2013-01-02 Ammar

除去;前ORDER BY子句

select id, email, password 
from users where id = 1 
union 
select 1,2,3 
order by id

UPDATE 1

SELECT id, email, password 
FROM 
    (
     SELECT id, email, password, 1 AS orders 
     FROM users 
     WHERE id = 1 
     UNION 
     SELECT 1,2,3,2 
    ) s 
ORDER BY orders, id

來源

2013-01-02 09:49:17

我可以刪除;但不能刪除users.id或將其替換爲id，因爲它是原始代碼，現在在刪除時;錯誤是：[錯誤] 1054 - '訂單子句'中的未知列'users.id' – Ammar

@Ammar看到我的更新。 –

原來的陳述是[選擇身份證，電子郵件，密碼從用戶身份其中ID =？ order by users.id] 我只能訪問參數，所以我不能注入你的代碼。 – Ammar

mysql注入錯誤1064

回答

相關問題