Test code:
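<?php
// Database connection settings for the test environment
$db_host = 'localhost';
$db_user = 'root';
$db_pass = 'root';

// $_REQUEST merges GET and POST input; the value is used without any filtering
$id = $_REQUEST['sql'];

$link = mysql_connect($db_host, $db_user, $db_pass) or die("DB Connect Error:" . mysql_error());
mysql_select_db('test', $link) or die("Can't use sqlinject:" . mysql_error());

// The parameter is concatenated directly into the query string
$sql = "SELECT * FROM zr WHERE id=$id";
$query = mysql_query($sql) or die("Invalid Query:" . mysql_error());

// Print the user ID, account and password of every returned row
while ($row = mysql_fetch_array($query)) {
    echo "用户ID:" . $row['Id'] . "<br>";
    echo "用户账号:" . $row['user'] . "<br>";
    echo "用户密码:" . $row['pass'] . "<br>";
}
mysql_close($link);

// Show the statement that was executed
echo "当前查询语句:" . $sql . "<br>";
?>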
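Let me explain the principle first!
1. With Apache, when PHP reads input through $_REQUEST, the POST parameter is accepted first as the value, as shown in the figure: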
In the code above you can clearly see the sql parameter that I accept, so the value I pass via GET has no effect at all!
If this is useful to you, have a read; if not, please don't flame me. O(∩_∩)O Thanks
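A hardened counterpart to the test code above, as an added example that is not part of the original post: it shows which value `$_REQUEST` resolves to when `sql` arrives in both GET and POST, then reads one explicit source, rejects duplicates and non-integers, and binds the value instead of concatenating it. It assumes PHP's `request_order` is "GP"; the function names, sample rows and the in-memory SQLite database standing in for the MySQL `test` database are constructed for illustration.

```php
<?php
// Added example, not the original author's code. Table zr and parameter "sql"
// come from the page; function names and sample rows are constructed.

// What $_REQUEST['sql'] resolves to with request_order = "GP": POST overwrites GET.
function request_value(array $get, array $post, string $name): ?string
{
    $merged = array_merge($get, $post);   // later array wins, like "GP"
    return isset($merged[$name]) && is_string($merged[$name]) ? $merged[$name] : null;
}

// Hardened lookup: one explicit source, no duplicates, integer only, bound parameter.
function lookup_user(PDO $pdo, array $get, array $post): array
{
    if (array_key_exists('sql', $get) && array_key_exists('sql', $post)) {
        throw new InvalidArgumentException('sql supplied in both GET and POST');
    }
    $raw = $get['sql'] ?? null;           // read GET only, never $_REQUEST
    $opts = ['options' => ['min_range' => 1]];
    $id = is_string($raw) ? filter_var($raw, FILTER_VALIDATE_INT, $opts) : false;
    if ($id === false) {
        throw new InvalidArgumentException('sql must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT Id, user FROM zr WHERE Id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data: in-memory SQLite stands in for the MySQL "test" database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE zr (Id INTEGER PRIMARY KEY, user TEXT, pass TEXT)');
$pdo->exec("INSERT INTO zr VALUES (1, 'alice', 'x'), (2, 'bob', 'y')");

// Constructed requests: a clean GET, the same GET shadowed by POST, a non-integer GET.
$cases = [
    [['sql' => '1'], []],
    [['sql' => '1'], ['sql' => '2']],
    [['sql' => '1 abc'], []],
];
foreach ($cases as [$get, $post]) {
    echo '$_REQUEST would give: ', var_export(request_value($get, $post, 'sql'), true), "\n";
    try {
        echo 'rows: ', json_encode(lookup_user($pdo, $get, $post)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Any filter placed in front of such a script has to inspect the same source the application reads, which is why the hardened version refuses a parameter that appears in both GET and POST.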