SQLi.php
<html>
<body>
<form action="./sqli.php" method="post">
<p>请输入ID号:<input type="text" name="id"></p>
<input type="submit" value="Submit">
</form>
</body>
</html>
<?php
if (isset($_POST['id'])){
$id = $_POST['id'];
$mysql_server_name='localhost';
$mysql_username='root';
$mysql_password='';
$mysql_database='testing';
$conn=mysql_connect($mysql_server_name,$mysql_username,$mysql_password) or die("error connecting") ;
mysql_query("set names 'utf8'");
mysql_select_db($mysql_database);
$sql ="select * from admin where id=".$id; //SQL语句
echo "执行的SQL语句为: " . $sql;
echo "</br/>";
$result = mysql_query($sql,$conn); //查询
while($row = mysql_fetch_array($result)){
echo "<br/>" . "UserName:" . $row['UserName'] . "<br/>" . "PassWord:" . $row['PassWord'] . "<br/>";
}
$filename="fuzz.txt";
$handle=fopen($filename,"a+");
$sql = $sql . "\n\r";
$str=fwrite($handle,$sql);
fclose($handle);
}else{
echo "id为空";
}
?>
DATABASE
创建testing库
CREATE DATABASE `testing` CHARACTER SET utf8 COLLATE utf8_general_ci
创建admin表
CREATE TABLE `admin` (
`id` int NOT NULL AUTO_INCREMENT ,
`UserName` varchar(255) NOT NULL ,
`PassWord` varchar(255) NOT NULL ,
PRIMARY KEY (`id`)
)
插入管理员数据
INSERT INTO `admin` (`id`, `UserName`, `PassWord`) VALUES ('1', 'admin', '123456')
INSERT INTO `admin` (`UserName`, `PassWord`) VALUES ('test', '123456')
INSERT INTO `admin` (`UserName`, `PassWord`) VALUES ('kefu', '123456')
INSERT INTO `admin` (`UserName`, `PassWord`) VALUES ('caiwu', '123456')