Sql注入源码 --- mysql

<?php

    header("content-type:text/html;charset=UTF-8");

    $id = $_GET['id'];

    $conn = mysql_connect('127.0.0.1','root','root') or die("could not connect:".mysql_error());    ##数据库连接

    mysql_select_db('test',$conn) or die('can not use:'.mysql_error());

    $sql = "select * from guestbook where comment_id='{$id}'";    

    $cun = mysql_query($sql) or die(mysql_error());

    echo "<h2>回显：</h2><br>";

    while($row = mysql_fetch_array($cun)){

        echo "标题：".$row['name']."<br>";

        echo "内容：".$row['comment']."<br>";

        echo "<hr>";

    };

    mysql_close($conn);

    echo "您当前执行的SQL语句：";

    echo urldecode($sql);

?>