youys
/
cwe-top25
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
700 kB
16 Download
Tree: 83c6e7627d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '83c6e7627d'
${ noResults }
cwe-top25/Use of Hard-Coded Credentials/code files/Vulnerable/SQL_Injection.php

SQL_Injection.php 1.6 kB
Raw Normal View History

init
2 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. <?php

  2. 	// 1. Create a database connection

  3. 		// 1. Create a database connection

  4. 	$connection = mysqli_connect('localhost', 'root', 'dakota02', 'UMUC');

  5. 

  6. 

  7. //Once we call the mysqli_connect function, the value that it returns is what we

  8. //have assigned to the variable $connection. It is what is referred to as a handle for the connection.

  9. 

  10. //will see if connected, if not will quit and display error messages with error.

  11. 	//test if connection occured.

  12. 	if(mysqli_connect_errno()){

  13. 	die("Database connection failed: " .

  14. 		mysqli_connect_error() .

  15. 		"(" . mysqli_connect_errno() . ")"

  16. 	);

  17. 	}

  18. 

  19. ?>

  20. <?php

  21. 

  22. if (isset($_POST['submit'])){

  23. //assign post data to variables

  24. $first_name = $_POST["first_name"];

  25. $last_name = $_POST ["last_name"];

  26. $student_id = $_POST["student_id"];

  27. }

  28. 

  29. 	$stmt = $connection->prepare("INSERT INTO students (first_name, last_name, student_id) VALUES (?, ?, ?)");

  30.         $stmt->bind_param('sss', $_POST['first_name'], $_POST['last_name'], $_POST['student_id']);

  31.         $stmt->execute();

  32.         $stmt->close();

  33. 

  34.         

  35.         

  36. 	//test if there was a query error

  37. 	if($stmt){

  38. 			//success

  39. 			echo "Success! Student added to database!";

  40. 			}else{		

  41. 			//failure	

  42. 			die("Database query failed. " . mysqli_error($connection));

  43. 			}

  44. ?>

  45. 

  46. 

  47. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

  48. 	"http://www.w3.org/TR/html4/loose.dtd">

  49. <html lang="en">

  50. 

  51. <head>

  52. <title>SQL Injection</title>

  53. </head>

  54. 

  55. <body>

  56. 

  57. 

  58. 

  59. 

  60. </body>

  61. </html>

  62. 

  63. <?php

  64. 	//5.close database connection

  65. mysqli_close($connection);

  66. ?>

No Description

Contributors (1)
All