Vulnerable-Web-Application/SQL/sql3.php

<!DOCTYPE html>
<html>
<head>
	<title>SQL Injection</title>
	<link rel="shortcut icon" href="../Resources/hmbct.png" />
</head>
<body>

	<div style="background-color:#c9c9c9;padding:15px;">
      <button type="button" name="homeButton" onclick="location.href='../homepage.html';">Home Page</button>
      <button type="button" name="mainButton" onclick="location.href='sqlmainpage.html';">Main Page</button>
	</div>

	<div align="center">
	<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post" >
		<p>Give me book's number and I give you book's name in my library.</p>
		Book's number : <input type="text" name="number">
		<input type="submit" name="submit" value="Submit">
		<!-- <p>//Is this same with the level 2?</p>-->
	</form>
	</div>

<?php
	$servername = "localhost";
	$username = "root";
	$password = "";
	$db = "1ccb8097d0e9ce9f154608be60224c7c";

	// Create connection
	$conn = new mysqli($servername, $username, $password,$db);

	// Check connection
	if ($conn->connect_error) {
	    die("Connection failed: " . $conn->connect_error);
	} 
	//echo "Connected successfully";
	if(isset($_POST["submit"])){
		$number = $_POST['number'];
		$query = "SELECT bookname,authorname FROM books WHERE number = '$number'"; //Is this same with the level 2?
		$result = mysqli_query($conn,$query);

		if (!$result) { //Check result
		    $message  = 'Invalid query: ' . mysql_error() . "\n";
		    $message .= 'Whole query: ' . $query;
		    die($message);
		}

		while ($row = mysqli_fetch_assoc($result)) {
			echo "<hr>";
		    echo $row['bookname']." ----> ".$row['authorname'];    
		}

		if(mysqli_num_rows($result) <= 0)
			echo "0 result";
      
	}
?> 

</body>
</html>
Create sql3.php 2018-11-27 20:19:58 +00:00			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<title>SQL Injection</title>`
Update sql3.php 2018-11-29 16:57:19 +00:00			`<link rel="shortcut icon" href="../Resources/hmbct.png" />`
Create sql3.php 2018-11-27 20:19:58 +00:00			`</head>`
			`<body>`

Update sql3.php 2018-11-29 23:45:08 +00:00			`<div style="background-color:#c9c9c9;padding:15px;">`
			`<button type="button" name="homeButton" onclick="location.href='../homepage.html';">Home Page</button>`
			`<button type="button" name="mainButton" onclick="location.href='sqlmainpage.html';">Main Page</button>`
			`</div>`

			`<div align="center">`
Create sql3.php 2018-11-27 20:19:58 +00:00			`<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post" >`
			`<p>Give me book's number and I give you book's name in my library.</p>`
			`Book's number : <input type="text" name="number">`
Update sql3.php 2018-11-30 00:19:05 +00:00			`<input type="submit" name="submit" value="Submit">`
Update sql3.php 2018-11-27 20:29:48 +00:00			`<!-- <p>//Is this same with the level 2?</p>-->`
Create sql3.php 2018-11-27 20:19:58 +00:00			`</form>`
Update sql3.php 2018-11-29 23:45:08 +00:00			`</div>`
Create sql3.php 2018-11-27 20:19:58 +00:00
			`<?php`
			`$servername = "localhost";`
			`$username = "root";`
			`$password = "";`
Update sql3.php 2018-11-29 17:13:17 +00:00			`$db = "1ccb8097d0e9ce9f154608be60224c7c";`
Create sql3.php 2018-11-27 20:19:58 +00:00
			`// Create connection`
			`$conn = new mysqli($servername, $username, $password,$db);`

			`// Check connection`
			`if ($conn->connect_error) {`
			`die("Connection failed: " . $conn->connect_error);`
			`}`
			`//echo "Connected successfully";`
			`if(isset($_POST["submit"])){`
			`$number = $_POST['number'];`
			`$query = "SELECT bookname,authorname FROM books WHERE number = '$number'"; //Is this same with the level 2?`
			`$result = mysqli_query($conn,$query);`

			`if (!$result) { //Check result`
			`$message = 'Invalid query: ' . mysql_error() . "\n";`
			`$message .= 'Whole query: ' . $query;`
			`die($message);`
			`}`

			`while ($row = mysqli_fetch_assoc($result)) {`
			`echo "<hr>";`
			`echo $row['bookname']." ----> ".$row['authorname'];`
			`}`

			`if(mysqli_num_rows($result) <= 0)`
			`echo "0 result";`

			`}`
			`?>`

			`</body>`
			`</html>`