sql注入测试用例

1 删除表:Select * from A where A.a = ‘testdata’; drop table A---’;

2 获取所有记录:

Select * from A where A.a = ‘testdata’ OR ‘1’=’1’;

3 不输入密码:

Select * from user A where A.username =  ‘username’--’ and A.password = ‘’;

4 使用半个单引号、分号

Update table A set A.a = ‘testdata’;--’

 

查询重复名称

select InnerCode from tbInfoEmployee where EmpName in(select EmpName from tbInfoEmployee group by EmpName having COUNT(empName)>1)

posted @ 2018-09-25 09:07  caojuanshu  阅读(3729)  评论(0编辑  收藏  举报