
SQL injection: DELETE and injection logic

Create a table with a similar structure from an existing table

 create table newTable as select * from oldTable;
 desc newTable;

Insert the data from the old table into the new table

insert into student2 select * from student;

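Look up records matching a given condition

select * from tableName where columnName='value';

Delete records

delete from tableName where columnName='value';

Joined (multi-table) delete

delete a,b from tableName1 a,tableName2 b where a.xxx=b.xxx and a.xx='value';

Controlling a MySQL database with parameters passed on the command line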

variable=value
mysql databaseName -e "delete from tableName where columnName='$variable'"

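Attempting injection to delete all records

# Injected variable content:  variable=1' or '1'='1'; #
Delete statement: mysql databaseName -e "delete from tableName where columnName='$variable'"
Resulting command: mysql databaseName -e "delete from tableName where columnName='1' or '1'='1'; #'"

By controlling the parameter, an attacker tries to close the single quote and then supplies illegitimate SQL, so that the statement performs a malicious query.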
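An added example (not from the original post) showing the defensive side of the flow above: the same shell-to-mysql statement built once by direct interpolation and once behind an allowlist check. The function names and the assumption that the column holds short alphanumeric identifiers are hypothetical; `tableName`, `columnName` and `databaseName` are the post's placeholders.

```bash
#!/usr/bin/env bash
# Added example, not the post's code. Function names are hypothetical.

# Unsafe: the value is pasted between the quotes, exactly as in the post.
build_delete_unsafe() {
    printf "delete from tableName where columnName='%s'" "$1"
}

# Checked: only build SQL when the value matches an allowlist.
# Assumption: legitimate values are 1-64 characters of [A-Za-z0-9_-].
build_delete_checked() {
    local LC_ALL=C          # make the bracket ranges byte-exact
    local value="$1"
    case $value in
        ''|*[!A-Za-z0-9_-]*)
            echo "rejected: value contains characters outside the allowlist" >&2
            return 1 ;;
    esac
    if [ "${#value}" -gt 64 ]; then
        echo "rejected: value too long" >&2
        return 1
    fi
    printf "delete from tableName where columnName='%s'" "$value"
}

# Wrapper: mysql is only invoked when validation succeeded.
delete_by_value() {
    local sql
    sql=$(build_delete_checked "$1") || return 1
    mysql databaseName -e "$sql"
}

# Demo with the value from the post (constructed input, no database needed).
payload="1' or '1'='1'; #"
echo "unsafe : $(build_delete_unsafe "$payload")"
if checked=$(build_delete_checked "$payload" 2>/dev/null); then
    echo "checked: $checked"
else
    echo "checked: refused to build a statement"
fi
```

Allowlisting only fits columns with a constrained value format; for free-form values, use a client library with bound parameters instead of building the statement in the shell.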

posted @ 2022-01-26 17:35  v1v1v1