[zero basis] SQL injection for PHP code audit

    In the eyes of many people , The basis of code audit is code , That's right , But if you can't code , Can we learn code auditing ？

      The answer is ： Sure （ However, due to the limited reading ability of personal code , Many vulnerabilities may not be so easy to be noticed ）

0x01 The preparation process

     Before we start, we need to know some necessary things we need to prepare , Of course, we are not talking about the environment required for code audit , But some information we need to consult in the process of code audit .

1：php Official website

https://www.php.net/

The main function is to view the function function , Our article mainly talks about sql Inject , Except, of course sql Functions related to vulnerabilities other than injection can also be passed php Viewed on the official website , Of course, in order to improve myself php Code reading ability can also pass php Learn on the official website .

2： Rookie College

https://www.runoob.com/php/php-tutorial.html

Rookie College php The page is not as complete as the functions on the official website , But rookie college is mainly for learning , It can improve personal code reading ability .

0x02 sql The generation of Injection

     In previous articles , You may have been right sql Injection has a certain understanding , Let's not introduce too much , Students who don't understand can read our past articles , Let's look directly at the code , With sqli-labs Medium less-1 For example , The page code is as follows ：

<