On the incorrect use of substr
<?php
// Escape the input, then drop its first character
$name = substr(addslashes($_GET['name']), 1);
$sql = "select * from users where username = '$name' limit 1";
echo $sql;
?>

Visit in a browser: http://localhost/magic_quotes_gpc.php?order_sn=' and 2*3=6-- +
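The program returns
select * from users where username = '' and 2*3=6 -- ' limit 1
addslashes() turns the leading quote into \', and substr(..., 1) then removes that backslash, so the quote reaches the query unescaped and an injection can be constructed.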
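
The same escape-then-cut order next to two corrected forms, as an added example that is not part of the original post. It assumes PHP with the pdo_sqlite extension; the function names, the in-memory users table and the second input are constructed for illustration.

```php
<?php
// Added example, not code from the original post. Function names and the
// users table are constructed; requires the pdo_sqlite extension.

// The page's order: escape, then cut. When the value starts with a quote,
// substr() removes the backslash that addslashes() put in front of it.
function query_escape_then_cut(string $input): string {
    $name = substr(addslashes($input), 1);
    return "select * from users where username = '$name' limit 1";
}

// Reordered: cut the raw value first and escape last, so no step runs
// after escaping and every remaining quote keeps its backslash.
function query_cut_then_escape(string $input): string {
    $name = addslashes(substr($input, 1));
    return "select * from users where username = '$name' limit 1";
}

// Bound parameter: the value travels separately from the SQL text, so it
// is compared as a literal string whatever characters it contains.
function lookup_bound(PDO $db, string $input): array {
    $stmt = $db->prepare('select * from users where username = ? limit 1');
    $stmt->execute([substr($input, 1)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table users (username text)");
$db->exec("insert into users values ('alice')");

// First input follows the value in the page's URL; the second is
// constructed to show a quote that is not the first character.
$inputs = ["' and 2*3=6-- ", "x' and 2*3=6-- "];
foreach ($inputs as $input) {
    echo "input:           $input\n";
    echo "escape then cut: ", query_escape_then_cut($input), "\n";
    echo "cut then escape: ", query_cut_then_escape($input), "\n";
    echo "bound, rows:     ", count(lookup_bound($db, $input)), "\n\n";
}
```

The reordered function is included only to isolate the ordering problem; the bound form is the one to use.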