? ? ? Black question mark
https://www.cnblogs.com/20175211lyz/p/11435298.html
https://www.cnblogs.com/kevinbruce656/p/11342580.html
The source of this problem, we want to help Gangster
<?php $dbuser='root'; $dbpass='root'; function Safe ( $ SQL ) { # Content filtering function is not substantially filtered $ BLACKLIST = Array ( '', '||', '#', '-', ';', '&', '+', ' or ',' and ',' ` ','" ',' insert ',' group ',' limit ',' update ',' delete ',' * ',' into ',' union ',' load_file ' , 'outfile', '/.' ); the foreach ( $ BLACKLIST AS $ blackitem ) { IF ( stripos ( $ SQL , $ blackitem )) { return False ; } } return True; } if(isset($_POST['id'])){ $id = $_POST['id']; }else{ die(); } $db = mysql_connect("localhost",$dbuser,$dbpass); if(!$db){ die(mysql_error()); } mysql_select_db("ctf",$db); if(safe($id)){ $query = mysql_query("SELECT content from passage WHERE id = ${id} limit 0,1"); if($query){ $result = mysql_fetch_array($query); if($result){ echo $result['content']; }else{ echo "Error Occured When Fetch Result."; } }else{ var_dump($query); } }else{ die("SQL Injection Checked."); }