??????????
??????????????????????????????????????????????????????????????????? SQL ??????
????<code>select * from T where f1 = '{value1}' and f2 = {value2}
????</code>
??????????????????????????????????
????<code>value1=hello
????value2=5
????</code>
????????????????? SQL ????????????????????
????<code>select * from T where f1='hello' and f2=5
????</code>
????????????????????????????μ???????????
????<code>value1=anything' or 1=1 or f1='whatever
????value2=5
????</code>
???????????????????
????<code>select * from T where f1='anything' or 1=1 or f1='whatever' and f2=5
????</code>
????????????????????????????塣?????????????????? SQL ??????????????????????κ???????????? HTML ?? shell ?????
???????????????????
????SQL ?????????????????????token ?????????????乫??????????????????????????????????? SQL ?????????????????????????????????????????????????????????? SQL ????????????????????????????????????У???????????????????????? SQL ????????????????????????????????????κο??????????? SQL ???????
????????1???????????????????????????????????? ????1????????
????SQL ??????????????1????????????????? lisp ??????????????2?????????????
????<code>a OP1 b OP2 c <=> (OP1 a (OP2 b c))
????</code>
????a??b??c ???????????OP1??OP2 ????????????
???????????????????
????<code>(select * T (and (= f1 '{value1}') (= f2 {value2})))
????</code>
????????????????????????????????????????? SQL ??????????????????????????????????????????????????????????????????????????????????
????<code>(select * T (and (= f1 'anything' or 1=1 or a='whatever') (= f2 5)))
????</code>
????????????????????????
????<code>(select * T (or (= f1 'anything') (or (= 1 1) (and (= a 'whatever') (= f2 5)))))
????</code>
????????????????????????????????????????
????????2??????????
????????????????????????????????????????????????????
????<code>a OP1 b OP2 c <=> OP1(a, OP2(b, c))
????</code>
?????????е????
????<code>select(*, T, and(=(f1, '{value1}'), =(f2, {value2})))
????</code>
????????????佫??????????
????<code>select(*, T, and(=(f1, 'anything' or 1=1 or a='whatever'), =(f2, 5)))
????</code>
?????????????????д???
????<code>select(*, T, or(=(f1, 'anything'), or(=(1, 1), and(=(a, 'whatever'), =(f2, 5)))))
????</code>
????????????????????????顣??????????????????????????????
????????3???????????object notation??
????????????????????????????????????????????
????<code>a OP1 b OP2 c <=> a.OP1(b).OP2(c)
????</code>
????????????
????<code>T.where(f1.=('{value1}').and(f2.=({value2}))).select(*)
????</code>
?????????????????????
????<code>T.where(f1.=('anything' or 1=1 or a='whatever').and(f2.=5)).select(*)
????</code>
???????????????????????????????????????????????д?????????
????????2??? SQL ??????????? token
????keyword ???????????????????? token??????????????????????????λ?á?????????????????????????????????? keyword ?滻???? keyword??????????????????????????????????? SQL ????е? keyword ????????????????????? brainfuck????
????<code>{"select":"iph0ohKi", "*":"ieZoh4xa", "from":"aeZi5uja", "where":"OoJ4aX4n", "=":"eeQu2Zad", "(":"eiD5aera", ")":"Soo2uach", "or":"Ocaig5Es"}</code>
??????????????????????????????? ?????????????У?
????<code>T <=> @phai1Oa6@T@
????hello <=> @phai1Oa6@hello@
????</code>
????phai1Oa6 ????????????????С??????????Σ??????
????<code>select * from T where f1 = '{value1}' and f2 = {value2}
????</code>
??????????
????<code>iph0ohKi ieZoh4xa aeZi5uja @phai1Oa6@T@ OoJ4aX4n @phai1Oa6@f1@ eeQu2Zad '{value1}' @phai1Oa6@and@ @phai1Oa6@f2@ eeQu2Zad {value2}
????</code>
?????????????????? brainfuck ????????????????????????
????<code>iph0ohKi ieZoh4xa aeZi5uja @phai1Oa6@T@ OoJ4aX4n @phai1Oa6@f1@ eeQu2Zad 'anything' or 1=1 or a='whatever' @phai1Oa6@and@ @phai1Oa6@f2@ eeQu2Zad 5
????</code>
?????????????????????? token ?? ‘or’ ?? ‘=’????????????? brainfuck ??????????????????????????????????????
????<code>or <=> Ocaig5Es
????= <=> eeQu2Zad
????</code>
??????Щ token ??????????????????????????????
????<code>or <=> @phai1Oa6@or@
????= <=> @phai1Oa6@=@
????</code>
???????仰??????????????ò????????????????
????????3???????????
?????????????????????????е? token ?м?????
????<code>[1] select [2] * [3] from [4] T [5] where [6] f1 [7] = [8] '{value1}' [9] and [10] f2 [11] = [12] {value2}
????</code>
????12 ????????????????????????? 12??????????????????????????????????
????<code>[1] select [2] * [3] from [4] T [5] where [6] f1 [7] = [8] 'anything' [9] or [10] 1 [11] = [12] 1 [13] or [14] a [15] = [16] 'whatever' [17] and [18] f2 [19] = [20] 5
????</code>
?????????? 20 ?? token ??Υ???????????????????????????????????????????????????????????brainfuck ???????????????????????? token ??????仯??
?????????????????????????????????????????????????????????????????????????
????????
??????Щ???????????????? SQL ????????????С?????? SQL ??????????????????????С?????????????????????????????????????У?????????????????????????????ж?????????????????仰?????????????????????????????????????????????????
?????????????????????SQL ????????????????????????治????????????????????????????????????????????ɡ?
????????????ò????????δ????????? brainfuck ?????????????????δ???????????????????????????????????????????
???????????????????????????
???????????original source????https://bitcoinrevolt.wordpress.com/2016/03/08/solving-the-problem-of-sql-injection-requires-another-approach/
????????????author????eriksank
??????? ?1???????????????????????????????????????????????????? ????????????????????????????м?????3 + 4??????????????????+ 3 4????????????????3 4 +??????????????????????????????????????????????????????????????????÷???https://zh.wikipedia.org/wiki/%E4%B8%AD%E7%BC%80%E8%A1%A8%E7%A4%BA%E6%B3%95
?????2?????????????Polish notation??????????????????????????????????????????????????????????????????棬?????????????????https://zh.wikipedia.org/wiki/%E6%B3%A2%E5%85%B0%E8%A1%A8%E7%A4%BA%E6%B3%95 ????? ????? SQL ?????????? ??| ??????????????????????????????mysql?????????.