Mysql-An example of Php-mysql injection attack

mysqlphp instance Database

Can I instantiate an injection attack based on the PHP MySQL class?

PHP VERSION 5.6.3

Failed while attempting a simulated injection attack. The SQL statement was printed and the script copied directly to MySQL Workbench was able to drop the database successfully, but always reported a syntax error while running locally, asking where the error was and how to instantiate such an attack.

  error_reporting (e_all^e_notice^e_warning^e_deprecated); $data = $_ get[' SQL ']; $data 2 = mysql_real_escape_string ($data); $sql = "INSERT into Test (' $data ');"; $SQLX = "INSERT into Test" VALUES (' $data 2 '); "; echo $sql. ' 
 '; Echo $sqlx. '
 
 '; mysql_query ($sql); echo mysql_error ();  

The above link section,
Access URL is test.php?sql=values%27);%20drop%20database%20test;%20--%20

Output is
INSERT into test values (' values '); DROP DATABASE test; -- ');
INSERT into Test VALUES (' values\ '); DROP DATABASE test; -- ');
you have a error in your SQL syntax; check the manual, corresponds to your MySQL server version for the right SYN "DROP DATABASE test; --') ' at line 1

The second row has been anti-injection processing can be performed, but one did not do the processing, still error

