<?php
@header('Content-Type: text/html; charset=utf-8'); //网页编码
$db_host="localhost"; //数据库主机
$db_user="root"; //用户名
$db_pass="root"; //密码
$db_name="sql_injection"; //数据库名称
$id=@$_GET['id'];
$conn=mysql_connect($db_host,$db_user,$db_pass);
if(!$conn){
die('Could not connect: ' . mysql_error());
}
mysql_select_db($db_name, $conn);
if($id != ""){
$sql="select * from admin where `id`={$id}";
echo "当前SQL语句 -> : {$sql}";
echo "<br>";
echo "<br>";
$result=mysql_query($sql);
echo "<table border='1'>
<tr>
<td>Id</td>
<td>Username</td>
<td>Password</td>
</tr>
";
while($row = @mysql_fetch_array($result)){
echo "
<tr>
<td>{$row['id']}</td>
<td>{$row['name']}</td>
<td>{$row['password']}</td>
</tr>
";
}
echo "</table>";
echo mysql_error();
}
mysql_close($conn);
自己练习用的SQL注入脚本
猜你喜欢
转载自blog.csdn.net/q1352483315/article/details/89787058
今日推荐
周排行