Now I use xampp for simulate server and I don't know how to post my code stackoverflow doesn't let me do.
So I download Python ver2.7 and sqlmap for trying to injection my website (.php).
and I search tutorial in Internet and get struct with this command "sqlmap.py -u "link". My question is about at the end of the link in tutorial have a ".php?id=1" and they found id by search in Google. But my server is xampp I can't search in Google too. so what does "id=" mean? and is there anyway to injection and get all of database of this website.
because I type sqlmap.py -u "http://localhost/secure/sc.php" or even I put--level=3 --risk=3` output still be
[CRITICAL] all tested parameters appear to be not injectable.
Is xampp can do this injection sqlmap or I should try another server simulator?
Yes, XAMPP is just fine.
You need to help sqlmap a bit and tell which are the parameters that your script takes and provide some valid values.
For example
sqlmap.py -u "http://localhost/secure/sc.php?id=1&name=Joe"
Additionally you can put an *, to mark a parameter that you would like to test.
sqlmap.py -u "http://localhost/secure/sc.php?id=1*&name=Joe"