First of all, set up the injection point. The earlier injection point was a URL like http://www.xxx.com/show.php?id=1, a typical numeric injection.
$id = $_GET['id']; // Get the value passed by the GET method and assign it to the variable.
Since this is an injection, the code must operate on the database.
$con = mysql_connect('127.0.0.1', 'root', 'root'); // Connect to the database with mysql_connect and assign the connection to the variable.
mysql_connect takes three parameters: the database address, the account name and the password, in that order.
mysql_select_db('database name', $con); // mysql_select_db specifies the database to query.
$sql = "SELECT * FROM table name WHERE id=$id"; // Use a variable to hold the SQL statement for the query; $id is concatenated in unquoted and unchecked.
echo mysql_result(mysql_query($sql), 0, 'username'); // Uses mysql_query and mysql_result together.
mysql_query executes the SQL statement, and mysql_result returns the value of one field from the result set. Here the contents of the username field are returned.
I have five fields here.
When id=1, it returns the value of username, which is one.
Five fields are known, so let's see whether they can be injected.
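For contrast with the vulnerable show.php above, here is a hardened version of the same lookup. It is an added example, not the tutorial's code. It assumes PDO with in-memory SQLite in place of the mysql_* functions (removed in PHP 7) and a MySQL server, so it runs offline; the table name users, every column except username, and the sample row and inputs are constructed.

```php
<?php
// Added example, not the tutorial's code: a hardened lookup for show.php.
// Assumption: PDO with in-memory SQLite replaces MySQL so this runs offline;
// table "users" and all columns except username are constructed.

function lookup_username(PDO $db, $rawId): ?string
{
    // 1. Validate: accept only a positive integer; "1abc" or "" is rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // 2. Parameterize: the value is bound, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

// Constructed sample data: a five-field table like the one in the tutorial.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, email TEXT, created TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'x', 'alice@example.test', '2020-01-01')");

// Constructed inputs standing in for $_GET['id'].
foreach (['1', '2', '1abc', ''] as $raw) {
    try {
        $name = lookup_username($db, $raw);
        // 3. Encode on output so stored data cannot become markup.
        echo var_export($raw, true), ' => ',
            $name === null ? 'not found' : htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
    } catch (InvalidArgumentException $e) {
        echo var_export($raw, true), ' => rejected: ', $e->getMessage(), "\n";
    }
}
```

Against MySQL the same function works unchanged with a PDO mysql: DSN, ideally using an account with only SELECT on that table rather than root.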