mysql注入错误1064

我想在此声明中注入sql union声明。mysql注入错误1064

select id, email, `password` from users 
where id = 1 union select 1,2,3; 
order by users.id

但它返回一个错误：

[Err] 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by users.id' at line 1

我怎么能得到这个说法的工作？

来源

2013-01-02 Ammar

除去;前ORDER BY子句

select id, email, password 
from users where id = 1 
union 
select 1,2,3 
order by id

UPDATE 1

SELECT id, email, password 
FROM 
    (
     SELECT id, email, password, 1 AS orders 
     FROM users 
     WHERE id = 1 
     UNION 
     SELECT 1,2,3,2 
    ) s 
ORDER BY orders, id

来源

2013-01-02 09:49:17

我可以删除;但不能删除users.id或将其替换为id，因为它是原始代码，现在在删除时;错误是：[错误] 1054 - '订单子句'中的未知列'users.id' – Ammar

@Ammar看到我的更新。 –

原来的陈述是[选择身份证，电子邮件，密码从用户身份其中ID =？ order by users.id] 我只能访问参数，所以我不能注入你的代码。 – Ammar

mysql注入错误1064

回答

相关问题