阅读背景:

DWVA-关于SQL注入的漏洞详解

来源:互联网 
low等级

代码如下:

 

1 <?php 2 3 if( isset( $_REQUEST[ 'Submit' ] ) ) { 4 // Get input 5 $id = $_REQUEST[ 'id' ]; 6 7 // Check database 8 $query = "SELECT first_name, last_name FROM users WHERE user_id = '$id';"; 9 $result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' ); 10 11 // Get results 12 while( $row = mysqli_fetch_assoc( $result ) ) { 13 // Get values 14 $first = $row["first_name"]; 15 $last = $row["last_name"]; 16 17 // Feedback for end user 18 echo "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>"; 19 } 20 21 mysqli_close($GLOBALS["___mysqli_ston"]); 22 } 23 24 ?> 1 <?php 2 3 if( isset( $_REQUEST[ 'S



你的当前访问异常,请进行认证后继续阅读剩余内容。

分享到: