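Data visualization
Bar plots
Basic bar plot: barplot(height), where height is a vector or a matrix
Example:
# vertical barplot
main is the title of the bar plot, xlab and ylab are the labels of the horizontal and vertical axes, and the last optional argument indicates whether the bars are drawn vertically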
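SQL injection means inserting SQL commands into a web form submission, an input field, or the query string of a page request, so that the server is ultimately tricked into executing malicious SQL commands.
Entering a single quote (') in the NEUMathe login form did not produce the normal login-failure message; instead the following page appeared: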
### Error querying database. Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near at line 2 ### The error may exist in ssm/mapper/StudentMapperCustom.xml ### The error may involve ssm.mapper.StudentMapperCustom.checkStudentExits-Inline ### The error occurred while setting parameters ### SQL: SELECT * FROM Student WHERE Code = and Pwd =
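This is clearly a database error message. Note this line: SELECT * FROM Student WHERE Code = and Pwd =
The server passed the single quote into the SQL statement, which made the query fail. With the injection point found, entering 2016xxxx' or '1'='1 changes the originally normal statement from select * from student where code = '2016xxxx' and pwd = 'xxxx' into select * from student where code = '2016xxxx' or '1'='1' and pwd = 'xxxx'. Clicking login then succeeds: the pwd condition is nullified by the tautology after the or, so the statement is always true, which means it is possible to log in to anyone's account.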
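The login check described above, rebuilt as an added example (not the site's code) with the concatenated query beside a parameterized one. It assumes Python's sqlite3 as a stand-in for the MySQL back end; the table and column names follow the query in the error message, and the sample rows and function names are constructed.

```python
import sqlite3


def make_db():
    # Constructed sample data; Student/Code/Pwd come from the query in the error.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Student (Code TEXT PRIMARY KEY, Pwd TEXT)")
    db.executemany("INSERT INTO Student VALUES (?, ?)",
                   [("20160001", "s3cret-A"), ("20160002", "s3cret-B")])
    return db


def login_vulnerable(db, code, pwd):
    # 'Before': form input is concatenated straight into the SQL text.
    # With the input from the page, AND binds tighter than OR, so the row
    # whose Code matches is returned whatever Pwd holds.
    sql = ("SELECT Code FROM Student WHERE Code = '" + code +
           "' AND Pwd = '" + pwd + "'")
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error:
        # A lone quote breaks the syntax, as in the error page above.
        # Return a generic failure; never echo the SQL back to the user.
        return None


def login_safe(db, code, pwd):
    # 'After': placeholders bind input as data; it never becomes SQL syntax.
    sql = "SELECT Code FROM Student WHERE Code = ? AND Pwd = ?"
    return [row[0] for row in db.execute(sql, (code, pwd))]


if __name__ == "__main__":
    db = make_db()
    crafted = "20160001' or '1'='1"  # same shape as the input on the page
    print("vulnerable:", login_vulnerable(db, crafted, "wrong"))
    print("safe:      ", login_safe(db, crafted, "wrong"))
    print("lone quote:", login_vulnerable(db, "'", "x"), login_safe(db, "'", "x"))
```

In a MyBatis mapper such as the one named in the error, the same fix is binding values with #{...} rather than splicing them in with ${...}.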