PostgreSQL: concatenation of pg_sleep
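Challenge from PortSwigger: https://portswigger.net/web-security/sql-injection/blind/lab-time-delays
I noticed that these two solutions work:
' || pg_sleep(10)--
' || (SELECT pg_sleep(10)--
But this one does not: ' || SELECT pg_sleep(10)--
My question is: what is the difference between having and not having ()?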
Because this is SQL syntax:
A scalar subquery is an ordinary SELECT query in parentheses that returns exactly one row with one column.
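The rule quoted in the answer, shown as an added example that is not part of the original question or answer: the right-hand side of `||` must be an expression, and a SELECT only counts as one when it is wrapped in parentheses. Assumptions: Python's built-in sqlite3 stands in for PostgreSQL so the check runs offline (it applies the same expression-versus-statement rule), the harmless `abs(-1)` stands in for `pg_sleep(10)`, and the names `FRAGMENTS`, `try_operand` and `run_all` are hypothetical.

```python
import sqlite3

# Constructed fragments mirroring the shapes in the question, with a
# harmless function (abs) standing in for pg_sleep. These are fixed test
# strings, not user input, so building the statement by concatenation
# below is only a way to probe the parser.
FRAGMENTS = {
    "function call": "abs(-1)",
    "parenthesized SELECT": "(SELECT abs(-1))",
    "bare SELECT": "SELECT abs(-1)",
    "two-column subquery": "(SELECT 1, 2)",
}


def try_operand(fragment):
    """Use `fragment` as the right-hand operand of || and report the outcome.

    Returns ("ok", value) if the statement parses and runs, or
    ("error", message) if the engine rejects it.
    """
    conn = sqlite3.connect(":memory:")
    try:
        row = conn.execute("SELECT 'x' || " + fragment).fetchone()
        return ("ok", row[0])
    except sqlite3.Error as exc:
        return ("error", str(exc))
    finally:
        conn.close()


def run_all():
    """Evaluate every constructed fragment and collect the outcomes."""
    return {name: try_operand(sql) for name, sql in FRAGMENTS.items()}


if __name__ == "__main__":
    for name, (status, detail) in run_all().items():
        print(f"{name:22} {status:5} {detail}")
```

The function call and the parenthesized SELECT are both accepted as operands, the bare SELECT is rejected by the parser before anything executes, and a subquery with two columns is rejected because it is not a single scalar value.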