diff --git a/.vscode/numbered-bookmarks.json b/.vscode/numbered-bookmarks.json
new file mode 100644
index 0000000..5916671
--- /dev/null
+++ b/.vscode/numbered-bookmarks.json
@@ -0,0 +1,3 @@
+{
+ "files": []
+}
\ No newline at end of file
diff --git a/代码和工具/Seay源代码审计系统.exe b/代码和工具/Seay源代码审计系统.exe
new file mode 100755
index 0000000..465a3b6
Binary files /dev/null and b/代码和工具/Seay源代码审计系统.exe differ
diff --git a/代码和工具/演示源码/.DS_Store b/代码和工具/演示源码/.DS_Store
new file mode 100755
index 0000000..79992a2
Binary files /dev/null and b/代码和工具/演示源码/.DS_Store differ
diff --git a/代码和工具/演示源码/2020CodeAudit-书上的代码.zip b/代码和工具/演示源码/2020CodeAudit-书上的代码.zip
new file mode 100755
index 0000000..42a9d6d
Binary files /dev/null and b/代码和工具/演示源码/2020CodeAudit-书上的代码.zip differ
diff --git a/代码和工具/演示源码/74cms-v3.5.1.rar b/代码和工具/演示源码/74cms-v3.5.1.rar
new file mode 100755
index 0000000..e74900f
Binary files /dev/null and b/代码和工具/演示源码/74cms-v3.5.1.rar differ
diff --git a/代码和工具/演示源码/CMS源代码.zip b/代码和工具/演示源码/CMS源代码.zip
new file mode 100755
index 0000000..3d54a6a
Binary files /dev/null and b/代码和工具/演示源码/CMS源代码.zip differ
diff --git a/代码和工具/演示源码/DedeCms_v5.6-GBK.tar.gz b/代码和工具/演示源码/DedeCms_v5.6-GBK.tar.gz
new file mode 100755
index 0000000..0867d03
Binary files /dev/null and b/代码和工具/演示源码/DedeCms_v5.6-GBK.tar.gz differ
diff --git a/代码和工具/演示源码/Discuz_X3.2_SC_UTF8.zip b/代码和工具/演示源码/Discuz_X3.2_SC_UTF8.zip
new file mode 100755
index 0000000..c532c8f
Binary files /dev/null and b/代码和工具/演示源码/Discuz_X3.2_SC_UTF8.zip differ
diff --git a/代码和工具/演示源码/ECShop_V2.7.2_UTF8_Release0604.zip b/代码和工具/演示源码/ECShop_V2.7.2_UTF8_Release0604.zip
new file mode 100755
index 0000000..5266b39
Binary files /dev/null and b/代码和工具/演示源码/ECShop_V2.7.2_UTF8_Release0604.zip differ
diff --git a/代码和工具/演示源码/MetInfo5.0.zip b/代码和工具/演示源码/MetInfo5.0.zip
new file mode 100755
index 0000000..1cc225a
Binary files /dev/null and b/代码和工具/演示源码/MetInfo5.0.zip differ
diff --git a/代码和工具/演示源码/ThinkPHP_2.1_full.zip b/代码和工具/演示源码/ThinkPHP_2.1_full.zip
new file mode 100755
index 0000000..cbb5b4a
Binary files /dev/null and b/代码和工具/演示源码/ThinkPHP_2.1_full.zip differ
diff --git a/代码和工具/演示源码/bugfree3.0.2.zip b/代码和工具/演示源码/bugfree3.0.2.zip
new file mode 100755
index 0000000..968f626
Binary files /dev/null and b/代码和工具/演示源码/bugfree3.0.2.zip differ
diff --git a/代码和工具/演示源码/espcms_utf8.zip b/代码和工具/演示源码/espcms_utf8.zip
new file mode 100755
index 0000000..671e240
Binary files /dev/null and b/代码和工具/演示源码/espcms_utf8.zip differ
diff --git a/代码和工具/演示源码/phpcms_v9.4.2_GBK.zip b/代码和工具/演示源码/phpcms_v9.4.2_GBK.zip
new file mode 100755
index 0000000..79ada89
Binary files /dev/null and b/代码和工具/演示源码/phpcms_v9.4.2_GBK.zip differ
diff --git a/第一章/01.md b/第一章/01.md
index 145f9c5..3ec768f 100644
--- a/第一章/01.md
+++ b/第一章/01.md
@@ -48,4 +48,8 @@ 一切皆函数:y=f(x),动态页面的过程可以理解成从页面输入一个或者多个变量后,程序在服务器上执行后的结果(新页面,服务器上数据的改变等)。基本的过程与函数一致。
-![alt text](img/php.drawio.svg)
\ No newline at end of file
+![alt text](img/php.drawio.svg)
+
+# 配置可被设定范围
+
+[配置可被设定范围](https://www.php.net/manual/zh/configuration.changes.modes.php)
\ No newline at end of file
diff --git a/第三章/01.md b/第三章/01.md
new file mode 100644
index 0000000..14dcd3a
--- /dev/null
+++ b/第三章/01.md
@@ -0,0 +1,62 @@
+# 简单的SQL 注入漏洞
+
+## 漏洞攻击
+
+```php
+ 0) {
+ echo "登录成功!";
+} else {
+ echo "用户名或密码错误!";
+}
+?>
+```
+
+如何绕过密码验证?
+
+攻击者在 username 输入框中输入:
+
+````
+admin' --
+````
+
+实际执行的 SQL:
+
+```sql
+SELECT * FROM users WHERE username = 'admin' -- ' AND password = ''
+```
+
+-- 是 SQL 注释符号,导致后续的 AND password = '' 被忽略。
+查询变为:只要 username = 'admin' 成立即可登录,无需密码。
+
+## 漏洞原因和处理策略
+
+输入的字符串包含特殊字符,这些特殊字符与原有的SQL查询字符串一起构成了意外的SQL。输入的数据只能当作字符串使用,要使用转义。
+
+## 漏洞修复
+
+```php
+prepare("SELECT * FROM users WHERE username = ? AND password = ?");
+$stmt->bind_param("ss", $username, $password);
+$stmt->execute();
+$result = $stmt->get_result();
+
+if ($result->num_rows > 0) {
+ echo "登录成功!";
+} else {
+ echo "用户名或密码错误!";
+}
+?>
+```
+
+预使用PHP自带的SQL执行模板和绑定可以有效防止这种类型的SQL注入。
\ No newline at end of file