在sqli-labs练习sql注入时,不太明白这里uname和passwd变量的使用,可以帮忙解答一下吗?看了一下教程需要使用双引号闭合,为什么?
// connectivity
$uname='"'.$uname.'"';
$passwd='"'.$passwd.'"';
@$sql="SELECT username, password FROM users WHERE username=$uname and password=$passwd LIMIT 0,1";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);
if($row)
{
//echo '';
echo "
";
echo '';
//echo " You Have successfully logged in " ;