SQL Injection Study (1): Error Messages Thrown by Each Database

How a web request relates to a database query

For example, when a URL such as http://host/getuser?id=23 is opened,
the database query behind it might be written in any of these forms:

select * from table_name where id=23

select * from table_name where id='23'

select * from table_name where id="23"

select * from table_name where id=(23)

select * from table_name where id=('23')

select * from table_name where id=("23")

Summary of common error messages thrown by each database

  • MySQL Error Style:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
  • MSSQL ASPX Error:
Server Error in '/' Application
  • MSAccess (Apache PHP):
Fatal error: Uncaught exception 'com_exception' with message Source: Microsoft JET Database Engine
  • MSAccess (IIS ASP):
Microsoft JET Database Engine error '80040e14'
  • Oracle Error:
ORA-00933: SQL command not properly ended
  • ODBC Error:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
  • PostgreSQL Error:
PSQLException: ERROR: unterminated quoted string at or near "'" Position: 1
or
Query failed: ERROR: syntax error at or near "'" at character 56 in /www/site/test.php on line 121.
  • MS SQL Server Error:
Microsoft SQL Native Client error ‘80040e14’
Unclosed quotation mark after the character string
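
The error strings above can be turned into a check that an application's own responses never expose raw database errors to clients. The following is an added example, not part of the original post; the function names, signature list and sample responses are constructed for illustration.

```python
import re

# Signatures built from the error strings listed above. The first match wins,
# so vendor-specific strings come before the generic ASP.NET error page.
SIGNATURES = [
    ("MySQL", re.compile(r"You have an error in your SQL syntax")),
    ("Oracle", re.compile(r"\bORA-\d{5}\b")),
    ("PostgreSQL", re.compile(
        r"PSQLException|unterminated quoted string at or near"
        r"|ERROR:\s+syntax error at or near")),
    ("MS Access (JET)", re.compile(r"Microsoft JET Database Engine")),
    ("MS SQL Server", re.compile(
        r"SQL Native Client|Unclosed quotation mark after the character string")),
    ("ODBC", re.compile(r"OLE DB Provider for ODBC Drivers")),
    ("ASP.NET (generic)", re.compile(r"Server Error in '/' Application")),
]

def classify_leak(body):
    """Return the backend whose error text appears in body, or None."""
    for name, pattern in SIGNATURES:
        if pattern.search(body):
            return name
    return None

def audit(responses):
    """Map each URL whose body leaks a database error to the backend name."""
    findings = {}
    for url, body in responses:
        backend = classify_leak(body)
        if backend is not None:
            findings[url] = backend
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = [
    ("/getuser?id=23", "<html><body>User: alice</body></html>"),
    ("/search", "<b>Warning</b>: You have an error in your SQL syntax; check the manual"),
    ("/report", "java.sql.SQLException: ORA-00933: SQL command not properly ended"),
    ("/orders", "Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)"),
    ("/login", "Unclosed quotation mark after the character string ''."),
    ("/help", "<p>An unexpected error occurred. Reference: 7f3a</p>"),
]

if __name__ == "__main__":
    for url, backend in audit(SAMPLE_RESPONSES).items():
        print(f"{url}: leaks {backend} error text")
```

A finding means the page should return a generic error to the client and keep the database message in server-side logs only, as the constructed `/help` response does.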