前几天有在做swpu-ctf,记录下这次有用上的一些姿势MySQL过滤逻辑运算符后如何拼接- select password from user where user='root'-1; //无返回 select password from user where user='root'-0; //返回 + //和-效果一样 / select password from user where user='root'/1; //返回 select password from user where user='root'/0; //无返回 % //和/效果...