how mysql treat the hex in sql statement

Question

I know a little SQL injection about php and i read some posts about sqli!the posts say when hackers want to get the column names of a table,they will use

select group_concat(column_name) from information_schema.columns where table_name=0x7573657273

in the statement "0x7573657273" is the hex string of "users".surprisingly，when I execute this statement in mysql console,it will exactly return the colunms of table users. does it mean mysql will automately convert hex to string,eg convert "0x7573657273" to "uses" or convert "0x3D" to "="? does it mean mysql can understand what the hex means?

vijaykumar · Accepted Answer · 2014-01-08T06:28:33.390

1

In string contexts, MySQL treats hexadecimal values as binary strings, where each pair of hex digits is converted to a character.

Refer link: http://dev.mysql.com/doc/refman/5.0/en/hexadecimal-literals.html

edited Jan 08 '14 at 06:28

answered Jan 08 '14 at 06:15

vijaykumar

4,658
6
37
54

does mysql automately covert to this? – ChainWay Jan 08 '14 at 06:20
Yes , check this http://dev.mysql.com/doc/refman/5.0/en/hexadecimal-literals.html – vijaykumar Jan 08 '14 at 06:27
But be aware that you need to [`convert` it to UTF-8 for output](http://stackoverflow.com/questions/4256657/unicode-character-literals-in-mysql/28155621#28155621) if you use non-ASCII characters – Pacerier Jan 26 '15 at 17:44

how mysql treat the hex in sql statement

1 Answers1