Save the following as Test.asp. The code is as follows:
<?php
$mysql_server_name="localhost";
$mysql_username="root";
$mysql_password="password";
$mysql_database="phpzr"; // database name
$conn=mysql_connect($mysql_server_name,$mysql_username,$mysql_password);
mysql_select_db($mysql_database,$conn);
// id comes straight from the query string and is concatenated into the SQL
// unfiltered: this is the injection point the test page exists to provide.
$id=$_GET['id'];
$sql="select username,password from admin where id=$id";
$result=mysql_db_query($mysql_database,$sql,$conn);
$row=mysql_fetch_row($result);
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<title>PhpSqlInjectionTest</title>
</head>
<body>
<p align="center"><b><font color="#FF0000" size="5" face="华文行楷"></font><font color="#FF0000" size="5" face="华文新魏">PHP 注入测试专用</font></b></p>
<table width="100%" height="25%" border="1" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><?=$row[0]?></td>
</tr>
<tr>
<td><?=$row[1]?></td>
</tr>
</table>
<p><u><font color="#0000FF">BY:孤狐浪子 QQ:393214425</font></u></p>
<p><font color="#0000FF">Blog:Http://itpro.blog.163.com</font></p>
<p></p>
</body>
</html>
Database creation code: save it as test.sql and run it in phpMyAdmin. The code is as follows:
CREATE DATABASE `phpzr`; -- create the database
USE `phpzr`; -- select it so the tables below are created inside it
CREATE TABLE admin (
  id int(10) unsigned NOT NULL auto_increment,
  username char(10) NOT NULL default '',
  password char(10) NOT NULL default '',
  useremail char(20) NOT NULL default '',
  groupid int(11) NOT NULL default '0',
  PRIMARY KEY (id)
) ENGINE=MyISAM;
INSERT INTO admin VALUES (1,'admin','itpro.blog.163.com','itpro@163.com',1);
INSERT INTO admin VALUES (2,'admin1','itpro.blog.163.com','itpro@163.com',2);
INSERT INTO admin VALUES (3,'admin2','itpro.blog.163.com','itpro@163.com',3);
INSERT INTO admin VALUES (4,'admin3','itpro.blog.163.com','itpro@163.com',4);
INSERT INTO admin VALUES (5,'admin4','itpro.blog.163.com','itpro@163.com',5);
CREATE TABLE admin1 (
  id int(10) unsigned NOT NULL auto_increment,
  username char(10) NOT NULL default '',
  password char(10) NOT NULL default '',
  useremail char(20) NOT NULL default '',
  groupid int(11) NOT NULL default '0',
  PRIMARY KEY (id)
) ENGINE=MyISAM;
INSERT INTO admin1 VALUES (1,'admin','itpro.blog.163.com','itpro@163.com',1);
INSERT INTO admin1 VALUES (2,'admin1','itpro.blog.163.com','itpro@163.com',2);
INSERT INTO admin1 VALUES (3,'admin2','itpro.blog.163.com','itpro@163.com',3);
INSERT INTO admin1 VALUES (4,'admin3','itpro.blog.163.com','itpro@163.com',4);
INSERT INTO admin1 VALUES (5,'admin4','itpro.blog.163.com','itpro@163.com',5);
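
For contrast with the test page's concatenated query, here is the same lookup with the id validated as an integer, bound as a parameter, and the output HTML-escaped. This is an added example, not part of the original page; it assumes the phpzr database created by test.sql and PHP 5.4+ with the PDO MySQL driver, and parse_id() and fetch_admin_row() are hypothetical helper names.

```php
<?php
// Added example (not from the original page): hardened form of the test page's lookup.
// parse_id() and fetch_admin_row() are hypothetical helper names.

// Accept only a positive decimal integer; arrays, empty values and
// anything carrying extra characters are rejected.
function parse_id($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    return $id === false ? null : $id;
}

// The SQL text is constant; the id travels separately as a bound integer,
// so it can never be parsed as part of the statement.
function fetch_admin_row(PDO $pdo, $id)
{
    $stmt = $pdo->prepare('SELECT username, password FROM admin WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_NUM);
    return $row === false ? null : $row;
}

$id = parse_id(isset($_GET['id']) ? $_GET['id'] : null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid id');
}

// Connection values mirror the test page; real prepared statements are
// requested from the server instead of client-side emulation.
$pdo = new PDO('mysql:host=localhost;dbname=phpzr;charset=utf8', 'root', 'password', array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
));

$row = fetch_admin_row($pdo, $id);
if ($row === null) {
    http_response_code(404);
    exit('Not found');
}
?>
<table border="1">
<tr><td><?= htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8') ?></td></tr>
<tr><td><?= htmlspecialchars($row[1], ENT_QUOTES, 'UTF-8') ?></td></tr>
</table>
```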