From f0d386b28200470105133836e7e80b4d1e52d225 Mon Sep 17 00:00:00 2001 From: sai-reddy007 <102576728+sai-reddy007@users.noreply.github.com> Date: Fri, 26 Sep 2025 19:31:31 +0530 Subject: [PATCH] Add files via upload --- sql1.php | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++ sql2.php | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+) create mode 100644 sql1.php create mode 100644 sql2.php diff --git a/sql1.php b/sql1.php new file mode 100644 index 000000000..57f60ecf7 --- /dev/null +++ b/sql1.php @@ -0,0 +1,56 @@ + + + + SQL Injection + + + + +
+ + +
+ +
+
+

John -> Doe

+ First name : + +
+
+ + + 0) { + // output data of each row + while($row = mysqli_fetch_assoc($result)) { + echo $row["lastname"]; + echo "
"; + } + } else { + echo "0 results"; + } + } + + ?> + + diff --git a/sql2.php b/sql2.php new file mode 100644 index 000000000..00237128b --- /dev/null +++ b/sql2.php @@ -0,0 +1,59 @@ + + + + SQL Injection + + + + +
+ + +
+ +
+
+

Give me book's number and I give you book's name in my library.

+ Book's number : + +
+
+ +connect_error) { + die("Connection failed: " . $conn->connect_error); + } + //echo "Connected successfully"; + if(isset($_POST["submit"])){ + $number = $_POST['number']; + $query = "SELECT bookname,authorname FROM books WHERE number = $number"; //Int + $result = mysqli_query($conn,$query); + + if (!$result) { //Check result + $message = 'Invalid query: ' . mysql_error() . "\n"; + $message .= 'Whole query: ' . $query; + die($message); + } + + while ($row = mysqli_fetch_assoc($result)) { + echo "
"; + echo $row['bookname']." ----> ".$row['authorname']; + } + + if(mysqli_num_rows($result) <= 0) + echo "0 result"; + } + +?> + + +