CREATE TABLE `article` (
`articleid` int(11) NOT NULL AUTO_INCREMENT,
`title` varchar(100) CHARACTER SET utf8 NOT NULL DEFAULT '',
`content` text CHARACTER SET utf8 NOT NULL,
PRIMARY KEY (`articleid`)
) ENGINE=MyISAM AUTO_INCREMENT=7 DEFAULT CHARSET=latin1;

<?php
$servername = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "test";
$id=$_GET['id'];//id未經過濾
$conn=mysql_connect($servername,$dbusername,$dbpassword) or die ("數據庫連接失敗");
mysql_select_db($dbname,$conn);
mysql_query('set names utf8');
$sql = "SELECT * FROM article WHERE articleid='$id'";
$result = mysql_query($sql,$conn);
$row = mysql_fetch_array($result);
echo "<p>利用SQL注入漏洞拖庫<p>";
if (!$row){
echo "該記錄不存在";
exit;
}
echo "標題<br>".$row['title']."<p>";
echo "內容<br>".$row['content']."<p>";
?>