diff --git a/sql1.php b/sql1.php new file mode 100644 index 000000000..57f60ecf7 --- /dev/null +++ b/sql1.php @@ -0,0 +1,56 @@ + + + + SQL Injection + + + + +
+ + +
+ +
+
+

John -> Doe

+ First name : + +
+
+ + + 0) { + // output data of each row + while($row = mysqli_fetch_assoc($result)) { + echo $row["lastname"]; + echo "
"; + } + } else { + echo "0 results"; + } + } + + ?> + + diff --git a/sql2.php b/sql2.php new file mode 100644 index 000000000..00237128b --- /dev/null +++ b/sql2.php @@ -0,0 +1,59 @@ + + + + SQL Injection + + + + +
+ + +
+ +
+
+

Give me book's number and I give you book's name in my library.

+ Book's number : + +
+
+ +connect_error) { + die("Connection failed: " . $conn->connect_error); + } + //echo "Connected successfully"; + if(isset($_POST["submit"])){ + $number = $_POST['number']; + $query = "SELECT bookname,authorname FROM books WHERE number = $number"; //Int + $result = mysqli_query($conn,$query); + + if (!$result) { //Check result + $message = 'Invalid query: ' . mysql_error() . "\n"; + $message .= 'Whole query: ' . $query; + die($message); + } + + while ($row = mysqli_fetch_assoc($result)) { + echo "
"; + echo $row['bookname']." ----> ".$row['authorname']; + } + + if(mysqli_num_rows($result) <= 0) + echo "0 result"; + } + +?> + + +