sql注入拼接字符串的方法:
常见的字符串连接函数有concat(),concat_ws(),group_concat(),使用示例:
SELECT concat(id, ‘,’, name) AS con FROM info LIMIT 1;//即将id与name从info中报出SELECT concat_ws('_',id,name) AS con_ws FROM info LIMIT 1;//即将id,name以_相连使用
SELECT concat(id, ‘,’, name) AS con FROM info LIMIT 1;//即将id与name从info中报出
SELECT concat_ws('_',id,name) AS con_ws FROM info LIMIT 1;//即将id,name以_相连使用
