普通注入 header('content-type: text/html; charset=utf-8'); $id = $_GET['id']; $conn = mysqli_connect('localhost',"root",'root','test'); $sql = "select * from user where id={$id}"; $result = $conn->query($sql); if($conn->connect_error) { die('数据库连接失败:' . $conn->connect_error); } var_dump('当前SQL语句是:' . $sql . "<br />"); @print_r(mysqli_fetch_row($result)); 宽字节注入 gbk编码会把两个字节合并为一个汉字,因为汉字是个多字节组成,从而把用来过滤的\合并,造成了sql语……

阅读全文