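For some reason, I am seeing the sleep() function injected into many queries in my MySQL slow query log. No such function is used anywhere in the project's source code, and it does not appear in the Apache access log either... Where is that injection coming from?
Example: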
Count : 64 (0.05%)
Time : 156971.170609 s total, 2452.674541 s avg, 1635.656901 s to 3269.711339 s max (0.00%)
95% of Time : 143892.367342 s total, 2398.206122 s avg, 1635.656901 s to 3269.692319 s max
Lock Time (s) : 13.918 ms total, 217 µs avg, 39 µs to 3.076 ms max (0.00%)
95% of Lock : 6.909 ms total, 115 µs avg, 39 µs to 1.026 ms max
Rows sent : 1 avg, 1 to 1 max (0.00%)
Rows examined : 817 avg, 817 to 817 max (0.00%)
Database :
Users :
hostname and IP address : 100.00% (64) of query, 87.12% (106190) of all users
Query abstract:
SET timestamp=N; SELECT COUNT(*) AS total FROM new_forum_topics WHERE status = N AND forum_id = N AND sleep(N) AND posts_count > N ORDER BY inserted ASC;
Query sample:
SET timestamp=1344768385;
SELECT count(*) as total
FROM `new_forum_topics`
WHERE `status` = 1
AND `forum_id` = 6 and sleep(2)
AND `posts_count` > 0
ORDER BY `inserted` ASC;
But in the code the query looks like this:
$sql = "SELECT count(*) as total
FROM `new_forum_topics`
WHERE `status` = ".intval($this->STATUS_ACTIVE)."
AND `forum_id` = ".intval($forum_id)."
AND `posts_count` > 0
ORDER BY `inserted` ASC;";
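
Added example, not part of the original post: one way to pull entries like the sample above out of a raw MySQL slow query log, flagging statements that call sleep() or benchmark() and reporting the UTC time of each so it can be matched against web-server logs. The log excerpt, its header values and the table new_forum_posts are constructed; string literals are blanked before matching so that stored text which merely mentions sleep() is not flagged.

```python
import re
from datetime import datetime, timezone

# Constructed slow-log excerpt. The last statement mirrors the query sample in
# the post; the other entries and all "# Query_time" header values are made up.
SAMPLE_LOG = """\
# Query_time: 0.000412  Lock_time: 0.000039 Rows_sent: 1  Rows_examined: 817
SET timestamp=1344768380;
SELECT count(*) as total FROM `new_forum_topics` WHERE `forum_id` = 6;
# Query_time: 0.000230  Lock_time: 0.000041 Rows_sent: 0  Rows_examined: 0
SET timestamp=1344768382;
INSERT INTO `new_forum_posts` (`body`) VALUES ('why is sleep(2) in my log?');
# Query_time: 1635.656901  Lock_time: 0.000039 Rows_sent: 1  Rows_examined: 817
SET timestamp=1344768385;
SELECT count(*) as total
FROM `new_forum_topics`
WHERE `status` = 1
AND `forum_id` = 6 and sleep(2)
AND `posts_count` > 0
ORDER BY `inserted` ASC;
"""

# One entry: "SET timestamp=N;" plus everything up to the next header or entry.
ENTRY = re.compile(r"^SET timestamp=(\d+);\n(.*?)(?=^#|^SET timestamp=|\Z)", re.M | re.S)
# Quoted string literals (single or double quoted, with \x and doubled-quote escapes).
STRING_LITERAL = re.compile(r"'(?:[^'\\]|\\.|'')*'" r'|"(?:[^"\\]|\\.|"")*"')
TIMING_CALL = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)

def find_timing_calls(log_text):
    """Return one dict per logged statement that calls a delay function."""
    hits = []
    for m in ENTRY.finditer(log_text):
        sql = " ".join(m.group(2).split())        # collapse multi-line SQL
        code_only = STRING_LITERAL.sub("''", sql)  # ignore text inside literals
        funcs = sorted({f.lower() for f in TIMING_CALL.findall(code_only)})
        if funcs:
            when = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
            hits.append({"utc": when.isoformat(), "functions": funcs, "sql": sql})
    return hits

if __name__ == "__main__":
    for hit in find_timing_calls(SAMPLE_LOG):
        print(hit["utc"], hit["functions"], hit["sql"])
```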