3rd NSCTF web: easy_sql

<?php
  require("conf/config.php");      // provides $conn (the mysqli handle)
  if (isset($_REQUEST['id'])) {    // id may arrive via GET, POST or a cookie
      $id = $_REQUEST['id'];
      // The only "WAF": reject input that contains a digit, then at least one
      // character, then a non-digit, then at least one more character.
      // 's' makes '.' match newlines too; 'i' does nothing here (no letters in the pattern).
      if (preg_match("/\d.+?\D.+/is", $id)) {
          die("Attack detected");
      }
      // $id is concatenated into the statement unescaped and unquoted: SQL injection
      $query = "SELECT text from UserInfo WHERE id = " . $id . ";";
      $results = $conn->query($query);
      // $id is also echoed back to the page without encoding
      echo "Student ID: " . $id . ", score: " . $results->fetch_assoc()['text'];
  }
?>
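The PHP above is the whole challenge as posted, so the following Python is an added example, not code from the write-up or from the challenge itself. It ports the `preg_match` check to Python (`re.DOTALL` stands in for the `s` flag; `i` is irrelevant because the pattern has no letters), runs the same string-concatenated query against a constructed in-memory SQLite table standing in for `UserInfo` (the rows, including the made-up `flag{constructed}` value, are sample data), and puts a hardened lookup beside it. The payloads illustrate what the regex does and does not reject; they are not presented as the challenge's intended solution.

```python
import re
import sqlite3

# Python port of the page's PCRE filter /\d.+?\D.+/is.
# re.DOTALL == the 's' flag; the 'i' flag has no effect on a letter-free pattern.
FILTER = re.compile(r"\d.+?\D.+", re.DOTALL)


def filter_blocks(user_id: str) -> bool:
    """True when the challenge's preg_match() would die('Attack detected')."""
    return FILTER.search(user_id) is not None


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the challenge's UserInfo (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserInfo (id INTEGER PRIMARY KEY, text TEXT)")
    conn.executemany(
        "INSERT INTO UserInfo VALUES (?, ?)",
        [(1, "score 90"), (2, "score 75"), (3, "flag{constructed}")],
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, user_id: str):
    """Mirrors the page's code: regex filter, then the id concatenated into SQL."""
    if filter_blocks(user_id):
        return "Attack detected"
    row = conn.execute("SELECT text from UserInfo WHERE id = " + user_id + ";").fetchone()
    return row[0] if row else None


def hardened_lookup(conn: sqlite3.Connection, user_id: str):
    """Fix: accept only a short decimal integer, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,10}", user_id):
        return "Invalid id"
    row = conn.execute("SELECT text FROM UserInfo WHERE id = ?", (int(user_id),)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: one benign, one textbook injection, two that the regex lets through.
    for payload in (
        "1",
        "1 union select text from UserInfo where id=3",   # digit, char, non-digit, more: blocked
        "(select max(id) from UserInfo)",                  # no digits at all: passes
        "(select min(id) from UserInfo)+2",                # only digit is the last char: passes
    ):
        print(repr(payload))
        print("  filter blocks :", filter_blocks(payload))
        print("  vulnerable    :", vulnerable_lookup(db, payload))
        print("  hardened      :", hardened_lookup(db, payload))
```

Reading the regex explains the results: a match needs a digit, then at least one character, then a non-digit, then at least one further character. `1 union select ...` has exactly that shape and is caught, but a payload written without digits, or whose only digits occupy the last two positions, never matches and reaches the database. Because of `s`, a newline is just another character, so line breaks do not help either way. The fix is not a tighter regex: the hardened lookup rejects anything that is not a plain integer and binds the value as a query parameter, so the subquery payloads are refused before any SQL is built.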


Posted on 2020-07-05 17:48 by 爱在西元间 (342 views, 0 comments)