导致sql注入

Question

我正在学习sql注射,非常感兴趣如何引起这种情况.我写过脚本来看看它是怎么回事.所以这是我的代码=>

if (isset($_POST['act'])){
    if ($connection = mysqli_connect($var['host'],$var['user'],$var['password'],$var['database'])){
        if (mysqli_connect_errno()==0){
            $username = $_POST['username'];
            $password = $_POST['pswd'];
            if ($result = mysqli_query($connection,"SELECT username,password FROM login WHERE username='" . $username . "' AND password='" . $password . "'")){
                if (mysqli_num_rows($result)){
                    header("Location: http://localhost/default.php");
                } else {
                    $res = "Invalid Credentials ...";
                }
            }
        }
    }
}

<form name="action" method="post" action="index.php">
    Username:<input type="text" name="username" size="12"><br>
    Password:<input type="password" name="pswd" size=12><br>
    <input type="submit" name="act" value="Login">
</form>

我在形式上这样写,但没有发生任何事情

用户名和密码形式=> some'OR'1'='1'

我很感兴趣如何导致sql注入破坏这个脚本并且没有有效的凭证重定向到default.php(当然在标记的脚本内)

谢谢 ...

Answer 1

尝试输入' OR 1 --用户名

另外,以防万一,如果你有magic_quotes_gpc残疾:)