×
单选题
5.小斌正在对小明的网站进行渗透测试,经过一段时间的探测后,小斌发现小明的网站存在一个sql注入漏洞:http://i.xiaoming.com/user/says.php?uid=1845%20skey=2014该地址是用于搜索用户曾经的发言的页面,会返回一些留言信息,小斌简单测试后发现http://i.xiaoming.com/user /says.php?uid=1845%20skey=2014'%20or%202-1%20--%20返回错误信息http://.xiaoming.com/user/says.php?uid=1845%20skey=2014'%20) %200%201-1%20--%20却返回空白信息则小明网站该处逻辑可能的sql语句是:()
A
A.select * from user_says where deleted=0 and uid=$uid and skey like "%$skey%"
B
B.select * from user_says where deleted = 0 and(uid=$uid and skey like '%$skey%')
C
C.select * from user_says where deleted = 0 and(uid=$uid and skey='$key')
D
D.select * from user_says where deleted=0 and uid=$uid and skey='$key'
答案解析
正确答案:C
