While I am trying to understand SQL injection, I didn't get this part. First, this is my code:
```php
<?php
include "../chat/db.php"; // provides the mysqli connection $con

if (isset($_GET['id'])) {
    // $id goes into the query text unescaped: this is the injectable input being studied
    $id = $_GET['id'];
    $query = "select user_n,user_id from users where user_id<$id union select 1,2 ";
    $sql = mysqli_query($con, $query);
    if ($sql) {
        if (mysqli_num_rows($sql) > 0) {
            // each row is an array keyed by the column names of the first SELECT
            while ($result = mysqli_fetch_assoc($sql)) {
                echo "user name: " . $result["user_n"] . "of the id= " . $result["user_id"] . "<br>";
            }
        } else {
            echo "there's no results";
        }
    }
} else {
    echo "error";
}
// random id used for the test link below
$tt = rand(0, 30);
?>
<br>
<a href="<?php echo "sql.php?id=" . $tt; ?>"> <?php echo $tt; ?> </a>
```
The results are fine, as you can see in this picture.
What I don't understand is the result of this union select 1,2:
{user name: 1of the id= 2} shows up because of
union select 1,2
My question is why it shows up like that. Please, can someone explain this step of "select 1,2"? Thank you, and sorry if something is not clear or I explained my point badly.
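The behaviour asked about above, as an added example that is not part of the original post: a UNION appends the second SELECT's rows to the first, and the result columns keep the names of the first SELECT, so the literals 1 and 2 are read back as `user_n` and `user_id`. It assumes an in-memory SQLite database standing in for MySQL (which names UNION columns the same way), constructed sample rows, and hypothetical function names; the last function is the bound-parameter form of the lookup.

```python
import sqlite3

# Constructed sample data standing in for the question's `users` table.
SAMPLE_USERS = [("alice", 5), ("bob", 12), ("carol", 40)]

def make_db():
    con = sqlite3.connect(":memory:")
    con.row_factory = sqlite3.Row  # rows keyed by column name, like mysqli_fetch_assoc
    con.execute("CREATE TABLE users (user_n TEXT, user_id INTEGER)")
    con.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return con

def query_from_question(con, user_id):
    """Same statement shape as the question. UNION appends the row (1, 2);
    the result columns are named after the FIRST select."""
    cur = con.execute(
        "SELECT user_n, user_id FROM users WHERE user_id < ? "
        "UNION SELECT 1, 2", (user_id,))
    columns = [d[0] for d in cur.description]
    return columns, [dict(r) for r in cur.fetchall()]

def render(row):
    # Same string building as the echo line in the question.
    return "user name: " + str(row["user_n"]) + "of the id= " + str(row["user_id"])

def lookup_users(con, raw_id):
    """Defensive form: the id is validated as an integer and bound as a
    parameter, and the statement carries no extra UNION."""
    user_id = int(raw_id)  # raises ValueError for non-numeric input
    cur = con.execute(
        "SELECT user_n, user_id FROM users WHERE user_id < ? ORDER BY user_id",
        (user_id,))
    return [dict(r) for r in cur.fetchall()]

if __name__ == "__main__":
    con = make_db()
    columns, rows = query_from_question(con, 13)
    print("result columns:", columns)
    for row in rows:
        print(render(row))
    print("bound lookup:", lookup_users(con, "13"))
```
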