自己练习用的SQL注入脚本

<?php
@header('Content-Type: text/html; charset=utf-8'); //网页编码
$db_host="localhost"; //数据库主机
$db_user="root"; //用户名
$db_pass="root"; //密码
$db_name="sql_injection"; //数据库名称
$id=@$_GET['id'];
$conn=mysql_connect($db_host,$db_user,$db_pass);
if(!$conn){
    die('Could not connect: ' . mysql_error());
}
mysql_select_db($db_name, $conn);
if($id != ""){
    $sql="select * from admin where `id`={$id}";
    echo "当前SQL语句 -> : {$sql}";
    echo "<br>";
    echo "<br>";
    $result=mysql_query($sql);
    echo "<table border='1'>
          <tr>
          <td>Id</td>
          <td>Username</td>
          <td>Password</td>
          </tr>
    ";
    while($row = @mysql_fetch_array($result)){
        echo "
                <tr>
                <td>{$row['id']}</td>
                <td>{$row['name']}</td>
                <td>{$row['password']}</td>
                </tr>

                ";
    }
    echo "</table>";
    echo mysql_error();
}


mysql_close($conn);