1. 1. Drop
table. Guess table name and drop it, note the next flowing SQL language
Select
* from A where A.a = ‘testdata’;
drop table A---’; |
2. 2. If
a field only allow number, give it a String or others
3. Use
‘OR 1=1’, get all records in query function
Select
* from A where A.a = ‘testdata’
OR ‘1’=’1’; |
4. 3. In
login function, give user name field like ‘username’--’, “--’ and A.password = ‘’” is commented
Select
* from user A where A.username = ‘username’--’ and A.password = ‘’; |
5. 4. Adding
records function, if there is 4 fields in this table, add 5 fields, eg.
Normal: Insert into table A values(‘’,’’,’’,’’); Test Data: Insert into table A values(‘’,’testdata’,’’,’’,’’); |
6. 5. Input
test data in or out of this field data
7. 6. Add
single quotation marks and semicolon, and break off string splicing, this is
similar with point 4
Update table A set A.a = ‘testdata’;--’ |
Yellow partis test data we input
