Create sql6.php
This commit is contained in:
Fatih Çelik
GitHub
parent
4b8ee90637
commit
47d004e519
43
SQL/sql6.php
Normal file
43
SQL/sql6.php
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>SQL Injection</title>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="get" >
|
||||
<p>Give me book's number and I give you...</p>
|
||||
Book's number : <input type="text" name="number">
|
||||
<input type="submit" name="submit">
|
||||
</form>
|
||||
<!--Admin password is in the secret table. I hope, anyone doesn't see it.-->
|
||||
<?php
|
||||
$servername = "localhost";
|
||||
$username = "root";
|
||||
$password = "";
|
||||
$db = "1ccb8097d0e9ce9f154608be60224c7c";
|
||||
// Create connection
|
||||
$conn = new mysqli($servername, $username, $password,$db);
|
||||
|
||||
// Check connection
|
||||
if ($conn->connect_error) {
|
||||
die("Connection failed: " . $conn->connect_error);
|
||||
}
|
||||
//echo "Connected successfully";
|
||||
$source = "";
|
||||
if(isset($_GET["submit"])){
|
||||
$number = $_GET['number'];
|
||||
$query = "SELECT bookname,authorname FROM books WHERE number = '$number'";
|
||||
$result = mysqli_query($conn,$query);
|
||||
$row = @mysqli_num_rows($result);
|
||||
echo "<hr>";
|
||||
if($row > 0){
|
||||
echo "<pre>There is a book with this index.</pre>";
|
||||
}else{
|
||||
echo "Not found!";
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
</body>
|
||||
</html>
|
||||
Loading…
Reference in New Issue
Block a user