Last active
October 8, 2018 17:47
-
-
Save arbaouimehdi/78483c5206201b4225afa33911f8fd01 to your computer and use it in GitHub Desktop.
SQL Injection Example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $user = 'root'; | |
| $password = 'root'; | |
| $db = 'SQL-Injection'; | |
| $host = 'localhost'; | |
| $port = 3306; | |
| $link = mysql_connect( | |
| "$host:$port", | |
| $user, | |
| $password | |
| ); | |
| $db_selected = mysql_select_db( | |
| $db, | |
| $link | |
| ); | |
| // dynamically build the sql statement with the input | |
| $userId = 1; | |
| $query = "SELECT id, user_id, car_name, car_model, car_model_year FROM cars WHERE user_id = $userId AND car_name = '$_GET[car_name]'"; | |
| print_r($query); | |
| // execute the query against the database | |
| $result = mysql_query($query); | |
| if ($result) { | |
| while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { | |
| echo '<pre>'; | |
| print_r($row); | |
| echo '</pre>'; | |
| } | |
| } else { | |
| die('<p>Error:' . mysql_error() . '</p>'); | |
| } | |
| // iterate through the record set returned | |
| $row = 1; | |
| while ($db_field = mysql_fetch_assoc($result)) { | |
| if ($row <= $rowcount) { | |
| echo '<pre>'; | |
| print_r($db_field); | |
| echo '</pre>'; | |
| } | |
| $row++; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment