SQL注入基本原理

与数据库交互的php代码

 $query  = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';"; 

 

关键的SQL语句

select * from `users` where user = '$user' and password = '$pass';

 

带dollar符号的变量是用户可以输入的数字或字符的地方

我们可以闭合前面的符号再注释掉后面的语句来达到执行我们想执行的函数语句

select * from `users` where user = 'admin'' and 1=1 -- and password = '123';