关于substr的错误使用

1. <?php
   
2. $name = substr(addslashes($_GET['name']),1);
   
3. $sql = "select * from users where username = '$name' limit 1";
   
4. echo $sql;
   
5. ?>

复制代码

浏览器访问：http://localhost/magic_quotes_gpc.php?order_sn=' and 2*3=6  -- +
程序返回

1. select * from users where username = '' and 2*3=6 -- ' limit 1

复制代码

即可构造注入