mysql - 这个sql注入该怎么解释呢？

Question

http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php

这是个防止sql注入的一个问题。这个问题有点看不懂，

$unsafe_variable = $_POST['user_input']; 

mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')");
INSERT INTO `table` (`column`) VALUES('value'); DROP TABLE table;--')

这个是怎么做到sql注入的，一条查询语句可以执行insert to 语句和drop table 语句？？

Answer 1

The parameter passed in

is value'); DROP TABLE table;--. Do you understand?

Answer 2

mysql_query cannot execute multiple statements, but it can be used by updatexml and extendvalue to obtain other data information.

INSERT INTO users (id, username, password) VALUES (2,'Olivia' or updatexml(1,concat(0x7e,(version())),0) or'', 'Nervo');

INSERT INTO users (id, username, password) VALUES (2,'Olivia' or extractvalue(1,concat(0x7e,database())) or'', 'Nervo');

Reference: Use insert, update and delete injection to obtain data