huli
contact me: aszx87410@gmail.com
可惜你都碰不到
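/**
 * Check a username/password pair against the Users table.
 *
 * SECURITY: this is the vulnerable form used to illustrate SQL injection.
 * Both arguments are interpolated into the SQL text, so a quote character in
 * either one ends the string literal and the rest of the input is parsed as
 * SQL. Do not copy this pattern: pass the values as bound parameters of a
 * prepared statement, so the driver always treats them as data.
 *
 * NOTE(review): the query compares the submitted password directly with the
 * stored column, which suggests passwords are kept unhashed. Confirm, and
 * store a salted password hash instead.
 *
 * @param {string} username - Name supplied by the client (untrusted).
 * @param {string} password - Password supplied by the client (untrusted).
 * @returns {boolean} true when the query returned at least one row.
 */
function login(username, password) {
  // Injection sink: untrusted input becomes part of the statement text.
  const result = mysql.query(
    `SELECT * FROM Users
WHERE username = '${username}' AND password='${password}'`
  );

  // Any returned row counts as a match. The earlier `> 1` test rejected a
  // correct login, which returns exactly one row.
  return result.rows.length > 0;
}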
-- Query text built by login(): each ${...} placeholder is replaced with the
-- caller's raw input before the statement is sent to the database.
SELECT * FROM Users
WHERE username = '${username}'
AND password='${password}'
SELECT * FROM Users
WHERE username = '${username}'
AND password='${password}'
-- Expected case: neither value contains a quote character, so each one stays
-- inside its own string literal and the query means what the author intended.
SELECT * FROM Users
WHERE username = 'huli'
AND password='123abc'
-- Result of substituting the username shown under each query: its leading
-- quote closes the username literal, `or 1=1` is always true, and `#` starts
-- a MySQL comment that runs to the end of the line.
-- NOTE(review): in login() both conditions sit on one line, so the password
-- check is commented out too; as wrapped here, the AND line would still be
-- parsed.
SELECT * FROM Users
WHERE username = '' or 1=1#'
AND password=''
username = ' or 1=1#
SELECT * FROM Users
WHERE username = '' or 1=1#'
AND password=''
username = ' or 1=1#
-- Same pattern, aimed at one account: the condition reduces to
-- username = 'a', and the `#` comment again cuts off the password comparison
-- (given the single-line layout in login()).
-- With bound parameters the quote would be ordinary data and the query would
-- look for a user literally named "a' and 1=1#".
SELECT * FROM Users
WHERE username = 'a' and 1=1#'
AND password=''
username = a' and 1=1#
By huli