youys
/
cwe-top25
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
700 kB
16 Download
Tree: 83c6e7627d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '83c6e7627d'
${ noResults }
cwe-top25/Use of Hard-Coded Credentials/code files/Mitigated/SQL_Injection.php

SQL_Injection.php 1.3 kB
Raw Normal View History

init
2 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. <?php

  2. 	

  3. require 'db.php';

  4. 

  5. 

  6. 

  7. //will see if connected, if not will quit and display error messages with error.

  8. 	//test if connection occured.

  9. 	if(mysqli_connect_errno()){

  10. 	die("Database connection failed: " .

  11. 		mysqli_connect_error() .

  12. 		"(" . mysqli_connect_errno() . ")"

  13. 	);

  14. 	}

  15. 

  16. ?>

  17. <?php

  18. 

  19. if (isset($_POST['submit'])){

  20. //assign post data to variables

  21. $first_name = $_POST["first_name"];

  22. $last_name = $_POST ["last_name"];

  23. $student_id = $_POST["student_id"];

  24. }

  25. 

  26. 	$stmt = $connection->prepare("INSERT INTO students (first_name, last_name, student_id) VALUES (?, ?, ?)");

  27.         $stmt->bind_param('sss', $_POST['first_name'], $_POST['last_name'], $_POST['student_id']);

  28.         $stmt->execute();

  29.         $stmt->close();

  30. 

  31.         

  32.         

  33. 	//test if there was a query error

  34. 	if($stmt){

  35. 			//success

  36. 			echo "Success! Student added to database!";

  37. 			}else{		

  38. 			//failure	

  39. 			die("Database query failed. " . mysqli_error($connection));

  40. 			}

  41. ?>

  42. 

  43. 

  44. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

  45. 	"http://www.w3.org/TR/html4/loose.dtd">

  46. <html lang="en">

  47. 

  48. <head>

  49. <title>SQL Injection</title>

  50. </head>

  51. 

  52. <body>

  53. 

  54. 

  55. 

  56. 

  57. </body>

  58. </html>

  59. 

  60. <?php

  61. 	//5.close database connection

  62. mysqli_close($connection);

  63. ?>

No Description

Contributors (1)
All