php注入代码，方便注入测试

把下面保存成 Test.asp

代码如下:

$mysql_server_name = "localhost";

$mysql_username = "root";

$mysql_password = "password";

$mysql_database = "phpzr"; //??ݿ??

$conn=mysql_connect( $mysql_server_name, $mysql_username, $mysql_password );

mysql_select_db($mysql_database,$conn);

$id=$_GET['id'];

$sql = "select username,password from admin where id=$id";

$result=mysql_db_query( $mysql_database, $sql,$conn );

$row=mysql_fetch_row($result);

?>

Php Sql Injection Test

PHP

注入测试专用

=$row[0]?>

=$row[1]?>

BY:孤狐浪子 QQ:393214425

Blog: Http://itpro.blog.163.com

创建数据库代码：保存成test.sql 使用phpmyadmin执行就ok了

代码如下:CREATE DATABASE `phpzr` ; //创建数据库名称

CREATE TABLE admin (

id int(10) unsigned NOT NULL auto_increment,

username char(10) NOT NULL default '',

password char(10) NOT NULL default '',

useremail char(20) NOT NULL default '',

groupid int(11) NOT NULL default '0',

PRIMARY KEY (id)

) TYPE=MyISAM;

INSERT INTO admin VALUES (1, 'admin', 'itpro.blog.163.com','itpro@163.com', 1);

INSERT INTO admin VALUES (2, 'admin1', 'itpro.blog.163.com','itpro@163.com', 2);

INSERT INTO admin VALUES (3, 'admin2', 'itpro.blog.163.com','itpro@163.com', 3);

INSERT INTO admin VALUES (4, 'admin3', 'itpro.blog.163.com','itpro@163.com', 4);

INSERT INTO admin VALUES (5, 'admin4', 'itpro.blog.163.com','itpro@163.com', 5);

CREATE TABLE admin1 (

id int(10) unsigned NOT NULL auto_increment,

username char(10) NOT NULL default '',

password char(10) NOT NULL default '',

useremail char(20) NOT NULL default '',

groupid int(11) NOT NULL default '0',

PRIMARY KEY (id)

) TYPE=MyISAM;

INSERT INTO admin1 VALUES (1, 'admin', 'itpro.blog.163.com','itpro@163.com', 1);

INSERT INTO admin1 VALUES (2, 'admin1', 'itpro.blog.163.com','itpro@163.com', 2);

INSERT INTO admin1 VALUES (3, 'admin2', 'itpro.blog.163.com','itpro@163.com', 3);

INSERT INTO admin1 VALUES (4, 'admin3', 'itpro.blog.163.com','itpro@163.com', 4);

INSERT INTO admin1 VALUES (5, 'admin4', 'itpro.blog.163.com','itpro@163.com', 5);