youys
/
cwe-top25
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
700 kB
16 Download
Tree: 83c6e7627d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '83c6e7627d'
${ noResults }
cwe-top25/SQL Injection/code files/Mitigated/SQL_Injection.php

SQL_Injection.php 1.7 kB
Raw Normal View History

init
2 years ago
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. <?php

  2. 	// 1. Create a database connection

  3. 	$dbhost = "localhost";

  4. 	$dbuser = "root";

  5. 	$dbpass = "dakota02";

  6. 	$dbname = "UMUC";

  7. 	$connection = mysqli_connect($dbhost, $dbuser, $dbpass,

  8. 			$dbname);

  9. //you could just place the variables directly into the arugments also, but

  10. //it's easier to understand this way.

  11. 

  12. //Once we call the mysqli_connect function, the value that it returns is what we

  13. //have assigned to the variable $connection. It is what is referred to as a handle for the connection.

  14. 

  15. //will see if connected, if not will quit and display error messages with error.

  16. 	//test if connection occured.

  17. 	if(mysqli_connect_errno()){

  18. 	die("Database connection failed: " .

  19. 		mysqli_connect_error() .

  20. 		"(" . mysqli_connect_errno() . ")"

  21. 	);

  22. 	}

  23. 

  24. ?>

  25. <?php

  26. 

  27. if (isset($_POST['submit'])){

  28. //assign post data to variables

  29. $first_name = $_POST["first_name"];

  30. $last_name = $_POST ["last_name"];

  31. $student_id = $_POST["student_id"];

  32. }

  33. 

  34. 	$stmt = $connection->prepare("INSERT INTO students (first_name, last_name, student_id) VALUES (?, ?, ?)");

  35.         $stmt->bind_param('sss', $_POST['first_name'], $_POST['last_name'], $_POST['student_id']);

  36.         $stmt->execute();

  37.         $stmt->close();

  38. 

  39.         

  40.         

  41. 	//test if there was a query error

  42. 	if($stmt){

  43. 			//success

  44. 			echo "Success! Student added to database!";

  45. 			}else{		

  46. 			//failure	

  47. 			die("Database query failed. " . mysqli_error($connection));

  48. 			}

  49. ?>

  50. 

  51. 

  52. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

  53. 	"http://www.w3.org/TR/html4/loose.dtd">

  54. <html lang="en">

  55. 

  56. <head>

  57. <title>SQL Injection</title>

  58. </head>

  59. 

  60. <body>

  61. 

  62. 

  63. 

  64. 

  65. </body>

  66. </html>

  67. 

  68. <?php

  69. 	//5.close database connection

  70. mysqli_close($connection);

  71. ?>

No Description

Contributors (1)
All