PHP 注射风格测试
# 标题写的不太好,原意在写一个程序好比说注射机的时候,方便测试。
# 代码有点冗长。
<?
$id = $_GET['id'];
$server_name = "DB_SERver";
$username = "DBuser";
$password = "DBuser_Pass";
$database = "Select_DB";
$db = new mysqli($server_name, $username, $password,$database);
$query = "select * from admin where id=$id";
$result=$db->query($query);
if($num_results = $result->num_rows){
$row = $result->fetch_assoc();
foreach($row as $key=>$value){
echo $key.":=:";
echo $value;
echo '<br />';
}
}
?>
<html>
<head>
<title>SQL InJection Test</title>
<body>
<pre>
这里是 空的 怎么~ 飞了~ 难道
</pre>
</body>
</html>
$id = $_GET['id'];
$server_name = "DB_SERver";
$username = "DBuser";
$password = "DBuser_Pass";
$database = "Select_DB";
$db = new mysqli($server_name, $username, $password,$database);
$query = "select * from admin where id=$id";
$result=$db->query($query);
if($num_results = $result->num_rows){
$row = $result->fetch_assoc();
foreach($row as $key=>$value){
echo $key.":=:";
echo $value;
echo '<br />';
}
}
?>
<html>
<head>
<title>SQL InJection Test</title>
<body>
<pre>
这里是 空的 怎么~ 飞了~ 难道
</pre>
</body>
</html>