<html>
<?php
include 'head.php';
?>
<head>
<title>SQL注入</title>
<center>
<h1><b>SQL注入演练</b></h1>
</center>
</head>
<body>
<script>
/**
 * Collect the current values of the "selects" and "id" controls.
 *
 * NOTE(review): no element with id "selects" is defined in this file; it is
 * presumably rendered by head.php. Confirm, because a missing element makes
 * getElementById return null and the .value read throw.
 *
 * @returns {Array} [value of #selects, value of #id], in that order.
 */
function submitform() {
    var fieldIds = ["selects", "id"];
    return fieldIds.map(function (fieldId) {
        return document.getElementById(fieldId).value;
    });
}
</script>
<script>
/**
 * Return the current value of the "selects" control.
 *
 * NOTE(review): the "selects" element is not defined in this file; it is
 * presumably provided by head.php. Confirm before relying on this helper.
 *
 * @returns {string} value of the element with id "selects".
 */
function getlevel() {
    return document.getElementById('selects').value;
}
</script>
<center>
<form id="form2" method="get" action="sqli.php">
<table border="2">
<tr>
<td>ID:<input type="text" name="id" id="id"></td>
</tr>
</table>
<!-- <input type="button" value="提交" onclick="submitform()">-->
<input type="submit">
</form>
</center>
<?php
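// Training page: each "level" applies a different input filter in front of the
// same string-built statement in query(). None of these filters replaces a
// parameterised query; they are here to be studied, not deployed.

// The level is read from a client-supplied cookie. Default to null when the
// cookie is absent so a first visit does not raise an undefined-index warning.
$level = isset($_COOKIE['cookie']['level']) ? $_COOKIE['cookie']['level'] : null;
// Accept only a plain string for id; an array value (id[]=...) would otherwise
// reach strpos()/preg_match() and string interpolation with the wrong type.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : null;

// Strict comparison: $level is echoed below, so it must be exactly one of the
// three literals before it is written into the page.
if ($level === 'low'){
    // Low level: the value is passed to the query with no filtering.
    echo "<h3>当前级别为:".$level."</h3><br>";
    query($id);
}
elseif ($level === 'mid'){
    echo "<h3>当前级别为:".$level."</h3><br>";
    // Keyword deny-list. strpos() returns 0 for a match at offset 0, which is
    // falsy, so the result has to be compared with false explicitly.
    // A deny-list does not make the interpolated query safe.
    if (strpos((string) $id, 'select') !== false || strpos((string) $id, 'and') !== false){
        echo "<script>alert('检测到恶意代码')</script>";
        die();
    }
    query($id);
}
elseif ($level === 'high'){
    echo "<h3>当前级别为:".$level."</h3><br>";
    // Reject any character outside [A-Za-z0-9_]. Only the presence of a match
    // matters, so preg_match() is enough. This is still not a type check: a
    // numeric ID should be validated as digits (ctype_digit) or bound as a
    // statement parameter.
    if (preg_match('/\W/', (string) $id)){
        echo "<script>alert('检测到恶意代码')</script>";
        die();
    }
    query($id);
}
else {
    // Missing or unknown level: no query is run.
    echo "<h2>请检查参数</h2><br>";
}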
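/**
 * Run the Persons lookup for the given ID and print the rows as HTML.
 *
 * SECURITY (intentional for this exercise): $id is interpolated unquoted into
 * the SQL text, which is the injection flaw this page exists to demonstrate.
 * Outside a lab the statement must be prepared with a placeholder
 * ("... WHERE ID = ?") and the value bound, the database account must not be
 * root with an empty password, and driver errors should be logged rather than
 * shown to the visitor.
 *
 * Everything written to the page is HTML-escaped so the echoed query, the
 * driver error text and the returned column values cannot inject markup.
 *
 * @param mixed $id Raw request value supplied by the caller.
 * @return void
 */
function query($id){
    // Escape a value for HTML text/attribute context; the cast covers NULL columns.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Connect to the database (lab-only credentials: local root, empty password).
    $con = new mysqli("127.0.0.1","root","","my_db");
    if ($con->connect_errno){
        echo "<h2>连接数据库失败!</h2><br>";
        die();
    }

    // Intentionally string-built for the exercise; see the SECURITY note above.
    $sql = "select ID, sex, age, email from Persons WHERE ID=$id";
    echo "<h3>正在查询:".$esc($sql)."</h3><br>";

    $result = $con->query($sql);
    echo "<br><h3>".$esc($con->error)."</h3><br>";

    // query() returns false on failure when mysqli is not in exception mode;
    // calling fetch_assoc() on false is a fatal error that "@" cannot suppress
    // and that would skip the close() below. (PHP 8.1+ defaults mysqli to
    // exception mode, in which case a failed query throws before this point.)
    if ($result instanceof mysqli_result) {
        while ($row = $result->fetch_assoc()) {
            echo "<h3>ID:" . $esc($row["ID"]) . "</h3><br>";
            echo "<h3>性别:" . $esc($row["sex"]) . "</h3><br>";
            echo "<h3>年龄:" . $esc($row["age"]) . "</h3><br>";
            echo "<h3>Email:" . $esc($row["email"]) . "</h3><br>";
        }
        $result->free();
    }

    $con->close();
}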
?>
</body>
</html>