我正在创建一个SQL注入演示作为我班级的项目.我已经创建了一个登录页面,但我似乎无法注入它.这是我为该页面编写的内容.我试过盲目SQLi用username字段创建多个子句.我能想到的唯一另一件事是使用子查询或更改我的代码以使其更容易.
编辑*试图注入用户名字段*
<?php // Check to see if there was a request method that is a post type
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
// Check to see if username field is null
if (!empty($_POST['username'])) {
// Connect to the server using credentials
$con = mysql_connect('localhost','root','sqlcool1');
// If the connection was not successful
if (!$con){
echo 'OUCH';
die('Could not connect: '.mysql_error());
}
// Select the correct database from the server
$db = mysql_select_db('injectme',$con);
// Pass a sql query through the table …