diff --git a/sql1.php b/sql1.php
new file mode 100644
index 000000000..57f60ecf7
--- /dev/null
+++ b/sql1.php
@@ -0,0 +1,56 @@
+
+
+
+ SQL Injection
+
+
+
+
+
+
+
+
+
+
+
+
+ 0) {
+ // output data of each row
+ while($row = mysqli_fetch_assoc($result)) {
+ echo $row["lastname"];
+ echo "
";
+ }
+ } else {
+ echo "0 results";
+ }
+ }
+
+ ?>
+
+
diff --git a/sql2.php b/sql2.php
new file mode 100644
index 000000000..00237128b
--- /dev/null
+++ b/sql2.php
@@ -0,0 +1,59 @@
+
+
+
+ SQL Injection
+
+
+
+
+
+
+
+
+
+
+
+connect_error) {
+ die("Connection failed: " . $conn->connect_error);
+ }
+ //echo "Connected successfully";
+ if(isset($_POST["submit"])){
+ $number = $_POST['number'];
+ $query = "SELECT bookname,authorname FROM books WHERE number = $number"; //Int
+ $result = mysqli_query($conn,$query);
+
+ if (!$result) { //Check result
+ $message = 'Invalid query: ' . mysql_error() . "\n";
+ $message .= 'Whole query: ' . $query;
+ die($message);
+ }
+
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo "
";
+ echo $row['bookname']." ----> ".$row['authorname'];
+ }
+
+ if(mysqli_num_rows($result) <= 0)
+ echo "0 result";
+ }
+
+?>
+
+
+