强网杯-最好的语言100分

best_language_PT100.php

<?php
 
//TODO: connect to DB 
 
$id = $_GET['id'];
 
//TODO: sqli filter
 
$secretId = 1024;
if($id == $secretId){
    echo 'Invalid id ('.$id.').';
}
else{
    $query = 'SELECT * FROM notes WHERE id = \''.$id.'\';';
    $result = mysql_query($query,$conn);
    $row = mysql_fetch_assoc($result);
 
    echo "notes: ".$row['notes']."</br>";
}
?>