<?php
$servername = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "injection";
$id=$_GET['id'];//id未经过滤
$conn=mysql_connect($servername,$dbusername,$dbpassword) or die ("数据库连接失败");
mysql_select_db($dbname,$conn);
mysql_query('set names utf8');
$sql = "SELECT * FROM article WHERE articleid='$id'";
echo $sql."<br>";
$result = mysql_query($sql,$conn);
$row = mysql_fetch_array($result);
echo "<p>利用SQL注入漏洞拖库<p>";
if (!$row){
echo "该记录不存在";
exit;
}
echo "标题<br>".$row['title']."<p>";
echo "内容<br>".$row['content']."<p>";
?>
- 1
- 2
- 3
- 4
- 5
- 6
前往页