111
<?php require("conf/config.php"); if (isset($_REQUEST['id'])) { $id = $_REQUEST['id']; if (preg_match("/d.+?D.+/is",$id)){ die("Attack detected"); } $query = "SELECT text from UserInfo WHERE id = " . $id. ";"; $results = $conn->query($query); echo "学号:" . $id . ",成绩为: ".$results->fetch_assoc()['text']; } ?>