<?php
$conn = mysql_connect('localhost','root','')or die("<font color=red>不能连接数据库!</font>");
$db = mysql_select_db('test',$conn);
mysql_query("set names 'gbk'");//如果是这行,就可以注入了
//mysql_query("SET character_set_connection='gbk',character_set_results='gbk',character_set_client=binary");//换成这行,就可以防止注入了
$username = $_GET['username'];
$query = "select * from zp where class_id='27' and flag=0 and username='$username' order by id desc limit 1";
echo $query;
$result = mysql_query($query);
$row = mysql_fetch_array($result);
print_r($row);
?>
get变量:?username=test%d5%27%20or%20id=1%23
------------------------------
参考来源:http://hi.baidu.com/cdcxdzj/blog/item/43a514f7017711c3f3d38515.html
