mysql:sql注入(inject)演示出现问题

Question

根据本教程:http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php下面的代码将演示SQL注入(inject):

<?php
// a good user's name
$name = "timmy"; 
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "<br />";

// user input that uses SQL Injection
$name_bad = "' OR 1'"; 

// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";

// display what the new query will look like, with injection
echo "Injection: " . $query_bad;

在前端，它显示:注入(inject):SELECT * FROM customer WHERE username = '' OR 1''

所以我刚刚做了一个测试，在 phpmyadmin->sql 中，我运行以下代码:

从用户中选择 * WHERE fname = '' OR 1''

它显示:

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' LIMIT 0, 30' at line 1

问题:

假设它会显示“users”表中的每个条目，但不是，为什么？如果我想演示sql注入(inject)，该怎么做？

Answer 1

更典型的 SQL 注入(inject)是:$name_bad = "' OR 1=1 -- ";。这将导致以下 SQL:

SELECT * FROM customers WHERE username = '' OR 1=1 -- '