DVWA学习-SQL Injection-Level Low

SQL Injection

SQL注入攻击,又是一个简单问题。直接上结果吧!

DVWA-SQL
还是直接上代码吧,感觉DVWA LOW的题目实在是太简单了,我应该从中级开始做才好~~~

<?php     

if(isset($_GET['Submit'])){ 
     
    // Retrieve data 
     
    $id = $_GET['id']; 

    $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'"; 
    $result = mysql_query($getid) or die('<pre>' . mysql_error() . '</pre>' ); 

    $num = mysql_numrows($result); 

    $i = 0; 

    while ($i < $num) { 

        $first = mysql_result($result,$i,"first_name"); 
        $last = mysql_result($result,$i,"last_name"); 
         
        echo '<pre>'; 
        echo 'ID: ' . $id . '<br>First name: ' . $first . '<br>Surname: ' . $last; 
        echo '</pre>'; 

        $i++; 
    } 
} 
?>

很明显的SQL注入漏洞,啥都不说了~~注释符号都不用加~~