把下面保存成Test.asp

复制代码 代码如下:

<?

$mysql_server_name="localhost";

$mysql_username="root";

$mysql_password="password";

$mysql_database="phpzr";//??ݿ??

$conn=mysql_connect($mysql_server_name,$mysql_username,$mysql_password);

mysql_select_db($mysql_database,$conn);

$id=$_GET['id'];

$sql="selectusername,passwordfromadminwhereid=$id";

$result=mysql_db_query($mysql_database,$sql,$conn);

$row=mysql_fetch_row($result);

?>

<html>

<head>

<metahttp-equiv="Content-Type"content="text/html;charset=utf-8">

<title>PhpSqlInjectionTest</title>

</head>

<body>

<palign="center"><b><fontcolor="#FF0000"size="5"face="华文行楷"></font><fontcolor="#FF0000"size="5"face="华文新魏">PHP

注入测试专用</font></b></p>

<tablewidth="100%"height="25%"border="1"align="center"cellpadding="0"cellspacing="0">

<tr>

<td><?=$row[0]?></td>

</tr>

<tr>

<td><?=$row[1]?></td>

</tr>

</table>

<p><u><fontcolor="#0000FF">BY:孤狐浪子QQ:393214425</font></u></p>

<p><fontcolor="#0000FF">Blog:Http://itpro.blog.163.com</font></p>

<p></p>

</body>

</html>

创建数据库代码：保存成test.sql使用phpmyadmin执行就ok了

复制代码 代码如下:

CREATEDATABASE`phpzr`;//创建数据库名称

CREATETABLEadmin(

idint(10)unsignedNOTNULLauto_increment,

usernamechar(10)NOTNULLdefault'',

passwordchar(10)NOTNULLdefault'',

useremailchar(20)NOTNULLdefault'',

groupidint(11)NOTNULLdefault'0',

PRIMARYKEY(id)

)TYPE=MyISAM;

INSERTINTOadminVALUES(1,'admin','itpro.blog.163.com','itpro@163.com',1);

INSERTINTOadminVALUES(2,'admin1','itpro.blog.163.com','itpro@163.com',2);

INSERTINTOadminVALUES(3,'admin2','itpro.blog.163.com','itpro@163.com',3);

INSERTINTOadminVALUES(4,'admin3','itpro.blog.163.com','itpro@163.com',4);

INSERTINTOadminVALUES(5,'admin4','itpro.blog.163.com','itpro@163.com',5);

CREATETABLEadmin1(

idint(10)unsignedNOTNULLauto_increment,

usernamechar(10)NOTNULLdefault'',

passwordchar(10)NOTNULLdefault'',

useremailchar(20)NOTNULLdefault'',

groupidint(11)NOTNULLdefault'0',

PRIMARYKEY(id)

)TYPE=MyISAM;

INSERTINTOadmin1VALUES(1,'admin','itpro.blog.163.com','itpro@163.com',1);

INSERTINTOadmin1VALUES(2,'admin1','itpro.blog.163.com','itpro@163.com',2);

INSERTINTOadmin1VALUES(3,'admin2','itpro.blog.163.com','itpro@163.com',3);

INSERTINTOadmin1VALUES(4,'admin3','itpro.blog.163.com','itpro@163.com',4);

INSERTINTOadmin1VALUES(5,'admin4','itpro.blog.163.com','itpro@163.com',5);