post parameter not injectable

I want to understand why it is not possible to SQL-inject this as a POST parameter. I tried it with sqlmap and had no success.

There is a defined function:

// $sQuery: MySQL query
// $hSocket: MySQL socket (from mysql_connect)
function mysql_get_result($sQuery, $hSocket)
{
    $sResource = mysql_query($sQuery, $hSocket);
    list($sValue) = mysql_fetch_row($sResource);
    return $sValue;
}

And there is the actual query with the POST parameters:

(mysql_get_result("SELECT place FROM towns
 WHERE place = '".$sR_place."' AND num = '".$iR_num."'", $hMySQLSocket)
 == $sR_place and $sR_place != '')

The input is not sanitized. So why doesn't it work? Does injection only work when it is a bare mysql_query with no further steps?

Answers

Your code should be easily injectable, since you are not using mysql_real_escape_string or parameterizing the query.

You should try modifying your POST parameter, as the problem is most likely that your attack is malformed. Try a variety of attacks.
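
The parameterized form the answer refers to, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database standing in for MySQL; `get_result`, `town_exists`, `town_exists_concat` and the `towns` rows are hypothetical names and constructed data.

```php
<?php
// Added example: constructed schema and rows; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE towns (place TEXT, num INTEGER)");
$pdo->exec("INSERT INTO towns VALUES ('Springfield', 1), ('L''Aquila', 2)");

// Hypothetical replacement for mysql_get_result(): SQL text and values travel separately.
function get_result(PDO $pdo, string $sQuery, array $aParams)
{
    $stmt = $pdo->prepare($sQuery);
    $stmt->execute($aParams);
    $row = $stmt->fetch(PDO::FETCH_NUM);
    return $row === false ? null : $row[0];
}

// Same check as in the question, with placeholders instead of concatenation.
function town_exists(PDO $pdo, string $sR_place, $iR_num): bool
{
    if ($sR_place === '' || filter_var($iR_num, FILTER_VALIDATE_INT) === false) {
        return false; // reject empty place and non-integer num before querying
    }
    $sValue = get_result(
        $pdo,
        'SELECT place FROM towns WHERE place = ? AND num = ?',
        [$sR_place, (int) $iR_num]
    );
    return $sValue === $sR_place;
}

// The question's concatenated form, kept only to show that data becomes SQL text.
function town_exists_concat(PDO $pdo, string $sR_place, $iR_num): bool
{
    $sQuery = "SELECT place FROM towns WHERE place = '" . $sR_place
            . "' AND num = '" . $iR_num . "'";
    $row = $pdo->query($sQuery)->fetch(PDO::FETCH_NUM);
    return $row !== false && $row[0] === $sR_place && $sR_place !== '';
}

var_dump(town_exists($pdo, 'Springfield', '1'));   // ordinary value
var_dump(town_exists($pdo, "L'Aquila", '2'));      // quote stays data
var_dump(town_exists($pdo, 'Springfield', '1x'));  // non-integer num rejected
try {
    town_exists_concat($pdo, "L'Aquila", '2');     // quote ends the string literal
} catch (PDOException $e) {
    echo "concatenated query failed to parse\n";
}
```

A legitimate town name containing an apostrophe is enough to change the structure of the concatenated query, which is the same flaw the answer describes; with placeholders the value never reaches the SQL parser.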
