Need your HELP !! SQL INJECTION problem

I think we're missing something. $data never gets set, nor are any SQL-queries executed, which makes it quite hard to exploit. :P Oh and another thing: use the [ code ] tag.

(Oh and even if the code would be correct, I still doubt that anyone will just give you the answer. Looks like a challenge from some other site you just can't solve.)

well the code is incomplete, but the issue here is the filter used below…

if(eregi("from",$ck)) exit();
if(eregi("union",$_GET[id])) exit();

fairly easy to bypass, using comment tags (something like uni/**/on) should do, other then that you just do your regular injection routine :)