id=-1714' UNION ALL SELECT NULL,NULL,CONCAT(0x7162787871
Union select null, null, null, null, null, null, null from information_schema.tables. for a small database containing three tables. this instruction is used in sql injection I tried it and it worked but I didn't really know how it works can somebody help me...
select a,b,null,null from table1 union select null,null,c,d from table2 union select null,null,null,null,e,f from table3.
id=1 LIMIT 1,1 UNION ALL SELECT NULL, NULL, CONCAT(0x3a717a753a,0x58797556477664726652,0x3a6561643a), NULL, NULL#. id=1 AND SLEEP(5).
A field with a NULL value is a field with no value. If a field in a table is optional, it is possible to insert a new record or update a record without adding a value to this
String Functions ASCII Char Charindex Concat Concat with + Concat_WS
Обычная же конкатенация с NULL-значением дает NULL. Вот пример, который это демонстрирует.
select name from battles where year(date) not in (select launched from ships where launched is not null).
IS NULL вернёт истину, если операнд имеет значение NULL и ложь, если он им не является.
11223344) UNION SELECT NULL,NULL,NULL,NULL WHERE 1=2 –- Если нет ошибки, значит синтаксис верный, т.е. используется MS SQL