# 标题写得不太好,原意是:在写注射机(SQL 注入工具)这类程序的时候,用这个页面方便测试。
# 代码有点冗长。
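<?php
/**
 * Local test target for an SQL injection tool: looks up one row of `admin`
 * by the `id` query parameter and prints its columns as "name:=:value" lines.
 *
 * The query below is injectable on purpose. Serve this page only from a
 * loopback or isolated lab host, against a throwaway database, with the
 * database account limited to SELECT.
 *
 * The full `<?php` tag matters: with short_open_tag disabled, a bare `<?`
 * block is sent to the browser as plain text, connection settings included.
 */

// Untrusted request value: this is the injection point under test.
// A repeated parameter (id[]=...) arrives as an array, so accept strings only.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// Placeholder connection settings; load real ones from outside the web root.
$server_name = "DB_SERver";
$username = "DBuser";
$password = "DBuser_Pass";
$database = "Select_DB";

$row = null;
if ($id !== '') {
    // Make connect and query failures throw on every PHP version, so a
    // malformed statement can never reach ->num_rows on a false result.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        $db = new mysqli($server_name, $username, $password, $database);

        // INTENTIONALLY UNSAFE: $id is interpolated into the statement text,
        // which is the behaviour this fixture exists to exercise.
        // Outside this fixture the same lookup is a prepared statement:
        //   $stmt = $db->prepare('select * from admin where id = ?');
        //   $stmt->bind_param('s', $id);
        //   $stmt->execute();
        $query = "select * from admin where id=$id";
        $result = $db->query($query);

        if ($result instanceof mysqli_result && $result->num_rows > 0) {
            $row = $result->fetch_assoc();
        }
    } catch (mysqli_sql_exception $e) {
        // Failure detail goes to the server log, not into the page.
        error_log('SQL injection test page: ' . $e->getMessage());
    }
}

if ($row !== null) {
    foreach ($row as $key => $value) {
        // Column values are stored data: escape them so markup held in a
        // row cannot run in the tester's browser. NULL columns print empty.
        echo htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8') . ":=:";
        echo htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        echo '<br />';
    }
}
?>
<html>
<head>
<title>SQL InJection Test</title>
</head>
<body>
<pre>
这里是 空的 怎么~ 飞了~ 难道
</pre>
</body>
</html>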
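<?php
/**
 * Local test target for an SQL injection tool: looks up one row of `admin`
 * by the `id` query parameter and prints its columns as "name:=:value" lines.
 *
 * The query below is injectable on purpose. Serve this page only from a
 * loopback or isolated lab host, against a throwaway database, with the
 * database account limited to SELECT.
 *
 * Without an opening `<?php` tag this listing is not executed at all: the
 * server sends it to the browser as text, connection settings included.
 */

// Untrusted request value: this is the injection point under test.
// A repeated parameter (id[]=...) arrives as an array, so accept strings only.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// Placeholder connection settings; load real ones from outside the web root.
$server_name = "DB_SERver";
$username = "DBuser";
$password = "DBuser_Pass";
$database = "Select_DB";

$row = null;
if ($id !== '') {
    // Make connect and query failures throw on every PHP version, so a
    // malformed statement can never reach ->num_rows on a false result.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        $db = new mysqli($server_name, $username, $password, $database);

        // INTENTIONALLY UNSAFE: $id is interpolated into the statement text,
        // which is the behaviour this fixture exists to exercise.
        // Outside this fixture the same lookup is a prepared statement:
        //   $stmt = $db->prepare('select * from admin where id = ?');
        //   $stmt->bind_param('s', $id);
        //   $stmt->execute();
        $query = "select * from admin where id=$id";
        $result = $db->query($query);

        if ($result instanceof mysqli_result && $result->num_rows > 0) {
            $row = $result->fetch_assoc();
        }
    } catch (mysqli_sql_exception $e) {
        // Failure detail goes to the server log, not into the page.
        error_log('SQL injection test page: ' . $e->getMessage());
    }
}

if ($row !== null) {
    foreach ($row as $key => $value) {
        // Column values are stored data: escape them so markup held in a
        // row cannot run in the tester's browser. NULL columns print empty.
        echo htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8') . ":=:";
        echo htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        echo '<br />';
    }
}
?>
<html>
<head>
<title>SQL InJection Test</title>
</head>
<body>
<pre>
这里是 空的 怎么~ 飞了~ 难道
</pre>
</body>
</html>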