zayfan 发表于 2005-8-7 00:48

修改头像了暴露SQL语句

Discuz! info: MySQL Query Error

User: zayfan
Time: 2005-8-7 12:46am
Script: /memcp.php

SQL: UPDATE cdb_members SET avatar='images/avatars/image95.gif', WHERE username='zayfan'
Error: You have an error in your SQL syntax near 'WHERE username='zayfan'' at line 1
Errno.: 1064

Similar error report has beed dispatched to administrator before.

[ Last edited by zayfan on 2005-8-7 at 00:58 ]

zayfan 发表于 2005-8-7 00:49

郁闷啊,我改不了头像

Monkeylee 发表于 2005-8-7 01:01

无法注入where子句..hoho

小康 发表于 2005-8-7 12:10

avatars/image95.gif\', WHERE
一个,号,奇怪

hjack 发表于 2005-8-7 13:14

是呀,where前面怎么有个逗号的呀

Monkeylee 发表于 2005-8-7 21:59

94因为有,才出错滴

zayfan 发表于 2005-8-13 08:48

论坛的问题,还是人品的问题?呵呵

寂寞高手 发表于 2005-9-8 13:03

UPDATE cdb_members SET avatar=\'images/avatars/image95.gif\', WHERE username=\'zayfan\'

where 前面多了一个逗号
页: [1]
查看完整版本: 修改头像了暴露SQL语句