Recently I have been looking into a SQL injection problem. I need to execute multiple SQL statements in one query.
```python
import MySQLdb

def db_query(db_connection, query):
    cur = db_connection.cursor()
    query_result = []
    try:
        cur.execute(query)          # send the query string as-is
        query_result = cur.fetchall()
    except MySQLdb.Error as error:
        print(error)
    return query_result
```
First, I tried executing the SQL like this:

```python
cur = db_connection.cursor()
# query built by string concatenation, with a second statement appended
cur.execute("INSERT INTO reviews VALUES(" + "'" + name_review + "'" + "," + "'" + desc_review + "'" + "," + "'" + product_id + "');delete from reviews; -- " + ")")
db_connection.commit()
```

It raised an error:

```
(2014, "Commands out of sync; you can't run this command now")
```
That means Python is doing something to prevent SQL injection.

But when I run

```python
db_connection = get_connection()
product_lines = db_query(db_connection, "SELECT productLine, textDescription FROM productlines;drop table reviews;")
db_connection.close()
```

it works. Can someone explain this? What is the mechanism? Thanks.
See the previous message.

Your query is not really a SQL injection.

To test for SQL injection, try the following:
```python
# parameterised query: the driver passes the values separately from the SQL text
sql = "INSERT INTO reviews (name_review, desc_review, product_id) VALUES (%s, %s, %s)"
val = (name_review, desc_review, product_id + "; delete from reviews; --")
cur.execute(sql, val)
```