Issue in query. Not working

Time: 2015-09-02 10:41:15

Tags: mysql

<?php
        echo "Hello test <br>";
        $userid = $_GET['userid'];
        echo "your user userid is " . $userid . " &";
        $salt = $_GET['salt'];
        echo " your user salt is " . $salt;
        // Query for finding the data from db
        // Issue in query
        $sql = "SELECT * FROM test.test where id=" .$userid AND "salt=".$salt;
        echo "<br>" . $sql;
        $result = $conn->query($sql);
        if (!empty($result)) 
        {         
            echo "<br>Result Found";
        } 
        else 
        {
            echo "<br> Invalid link !";
        }
        // }
?>

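My query is not working properly. If I reduce the query to id=".$userid it works fine, but if I add the remaining part it does not work.

3 answers:

Answer 0: (score: 1)

The $sql line should be: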

$sql = "SELECT * FROM sauberlux_com.tbl_b2cuser where id=".$userid." AND salt=".$salt;

Answer 1: (score: 0)

$sql = "SELECT * FROM sauberlux_com.tbl_b2cuser where id = $userid AND salt = $salt";

Try it.

Answer 2: (score: 0)

$sql = "SELECT * FROM sauberlux_com.tbl_b2cuser where id = $userid AND salt = '$salt' ";

You can also refer here for SQL injection
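
An added example, not code from the question or any of the answers: it shows what the question's `$sql` line actually evaluates to, then runs the same lookup as a parameterized query, which is the standard defence against the SQL injection the last answer mentions. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection, the table is called `test` as in the question, and `findUser` is a hypothetical helper name.

```php
<?php
// Added example. Constructed inputs stand in for $_GET['userid'] and $_GET['salt'].
$userid = '7';
$salt   = 'ab12';

// The question's line, unchanged. `AND` here is PHP's logical operator, which binds
// more loosely than `=`, so PHP assigns the left-hand string to $sql and discards
// the rest: the salt condition never becomes part of the SQL text.
$sql = "SELECT * FROM test.test where id=" . $userid AND "salt=" . $salt;
echo $sql, PHP_EOL;

// In-memory SQLite stands in for the MySQL server (assumption, so this runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (id INTEGER PRIMARY KEY, salt TEXT)');
$db->exec("INSERT INTO test (id, salt) VALUES (7, 'ab12')");

// Hypothetical helper: both values are bound as parameters, so they are sent as
// data and can never change the structure of the statement.
function findUser(PDO $db, string $userid, string $salt): ?array
{
    if (!ctype_digit($userid)) {
        return null; // id must be a plain non-negative integer
    }
    $stmt = $db->prepare('SELECT id, salt FROM test WHERE id = :id AND salt = :salt');
    $stmt->bindValue(':id', (int) $userid, PDO::PARAM_INT);
    $stmt->bindValue(':salt', $salt, PDO::PARAM_STR);
    $stmt->execute();
    // Decide on the fetched row: the question's !empty($result) test passes for
    // any successful query, because a result object is non-empty even with zero rows.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed test values: a matching pair, a wrong salt, and input carrying SQL syntax.
$cases = [
    ['7', 'ab12'],
    ['7', 'wrong'],
    ['7', "ab12' OR '1'='1"],
    ['7 OR 1=1', 'ab12'],
];
foreach ($cases as [$id, $s]) {
    $found = findUser($db, $id, $s) !== null;
    echo json_encode([$id, $s]), ' => ', $found ? 'Result Found' : 'Invalid link !', PHP_EOL;
}
```

Only the first constructed pair reports a match; against MySQL the same `prepare`/`bindValue`/`execute` calls apply with a `mysql:` DSN.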