-1

I've created a simple table and PHP code to inject into it. Here is my PHP code:

<?php
$link = mysql_connect("localhost","root","");
mysql_select_db("test",$link);
$id = @$_GET["id"];
if($id != ""){
    mysql_query("delete from students where id=" .$id,$link);
}
?>

As the id in the link bar I entered:

1 ; drop table students ;

But it didn't work. What is the problem? Thanks.

4

2 Answers

0

Because mysql_query does not support this particular type of injection.

answered 2013-09-10T12:01:05.397
0

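mysql_query() sends a unique query (multiple queries are not supported) to the currently active database on the server that's associated with the specified link_identifier.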

http://us3.php.net/manual/en/function.mysql-query.php

so
drop table students;

will never be executed

answered 2013-11-21T16:28:20.663
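
The single-statement limit described in the answers only stops the stacked `drop table`; the `id` in the question's code is still concatenated into the SQL text. The following is an added example, not code from the question or either answer, showing the same DELETE with integer validation and a bound parameter. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL `test` database so the script runs without a server, and the function name `deleteStudent` and the sample rows are constructed for illustration.

```php
<?php
// Added example (not the asker's code): the DELETE from the question,
// rewritten with input validation and a bound parameter.
// Assumption: an in-memory SQLite database via PDO stands in for the MySQL
// "test" database; with MySQL only the DSN and credentials passed to
// new PDO() change.

function deleteStudent(PDO $db, $rawId): int
{
    // Accept only a plain positive integer; anything else is rejected
    // before a query is built.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return -1; // invalid input, no query sent
    }
    // The id travels as a bound value, never as part of the SQL text.
    $stmt = $db->prepare('DELETE FROM students WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows deleted
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO students (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed inputs: a valid id, the string from the question, and empty.
foreach (['2', '1 ; drop table students ;', ''] as $input) {
    $result = deleteStudent($db, $input);
    printf("%-30s => %s\n", var_export($input, true),
        $result === -1 ? 'rejected' : "$result row(s) deleted");
}

// The table still exists; only the row with id 2 was deleted.
$left = $db->query('SELECT COUNT(*) FROM students')->fetchColumn();
echo "rows remaining: $left\n";
```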