[H!nt] : Source Code SQLi Challenge

1. <?php
2. /* ABaDy SQLi Challenge Level:VeryEasy */
3. $sql = new mysqli("localhost", "SQLi", 'HelloWorld', "SQLi");
4. if(mysqli_connect_errno()) exit("E:".mysqli_connect_error());
5. if($_GET['id'] and !empty($_GET[id])){
6. $ID = ($_GET['id']);
7. $ID = Super_Replace("select","",$ID);
8. $ID = Super_Replace("and","",$ID);
9. $ID = Super_Replace("or","",$ID);
10. $ID = Super_Replace("schema","",$ID);
11. $ID = Super_Replace('admins',"",$ID);
12.  
13.     $d = $sql->query("SELECT * FROM `news` WHERE id={$ID}");
14.     if($d->num_rows){
15.         $new = $d->fetch_array(MYSQLI_ASSOC);
16.         echo "
17.         <html>
18.         <head>
19.         <title>{$new[sub]}</title>
20.         </head>
21.         <body background='https://img.fireden.net/v/image/1510/97/1510977402305.jpg'>
22.         <b><h2><font color='yellow'>{$new[sub]}</font></h2></b>
23.         <h3><font color='yellow'>{$new[text]}</font></h3>
24.         </body>
25.         </html>";
26.     }else{
27.         echo "
28.         <html>
29.         <head>
30.         <title>Error</title>
31.         </head>
32.         <body style='background-size: 100%;'  background='https://img.fireden.net/v/image/1510/97/1510977402305.jpg'>
33.         <b><h2><font color='yellow'>Error SQL Query : {$ID}</font></h2></b>
34.         </body>
35.         </html>";
36.     }
37. }else{
38.     echo "
39.         <html>
40.         <head>
41.         <title>Index</title>
42.         </head>
43.         <body style='background-size: 100%;' background='https://img.fireden.net/v/image/1510/97/1510977402305.jpg'>
44.         <b><h2><font color='yellow'>you can check id 1,2,3,4</font></h2></b>
45.         </body>
46.         </html>";
47. }  
48. function Super_Replace($a,$b,$c){
49.     $a = strtolower($a);
50.     $d = str_replace($a,$b,$c);
51.     if(strpos($d,$a)===false){
52.         return $d;
53.     }else{
54.         return Super_Replace($a,$b,$d);
55.     }
56. }
57. ?>