docker-vulnerable-dvwa/dvwa/vulnerabilities/sqli/source/low.php

<?php
// DVWA SQL injection module, "low" level (sqli/source/low.php).
// Deliberately vulnerable training code: the weaknesses noted below are the
// subject of the exercise, so behaviour is kept as-is and each note names the
// fix a production handler would apply.

if ( isset( $_REQUEST[ 'Submit' ] ) ) {
    // Untrusted input. $_REQUEST merges GET, POST and (depending on the
    // request_order setting) cookie data. Only 'Submit' is checked above;
    // 'id' is read without an isset() test and without any validation.
    $id = $_REQUEST[ 'id' ];

    // CWE-89: the raw value is interpolated into the SQL text, so the input
    // can change the structure of the statement instead of being treated
    // purely as data. Fix: a prepared statement with a bound parameter
    // (mysqli_prepare / mysqli_stmt_bind_param), plus validating that the
    // id is an integer before use.
    $query = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";

    $result = mysqli_query( $GLOBALS["___mysqli_ston"], $query );
    if ( !$result ) {
        // CWE-209: the driver's error text is sent to the client verbatim.
        // Fix: log the detail server-side and return a generic message.
        if ( is_object( $GLOBALS["___mysqli_ston"] ) ) {
            die( '<pre>' . mysqli_error( $GLOBALS["___mysqli_ston"] ) . '</pre>' );
        }

        // No link object: fall back to the connection error, if there is one.
        $___mysqli_res = mysqli_connect_error();
        die( '<pre>' . ( $___mysqli_res ? $___mysqli_res : false ) . '</pre>' );
    }

    // Append one <pre> block per matching row.
    while ( $row = mysqli_fetch_assoc( $result ) ) {
        $first = $row["first_name"];
        $last = $row["last_name"];

        // CWE-79: $id (request data) and the two database columns are written
        // into markup without HTML escaping. Fix: pass each value through
        // htmlspecialchars( ..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' ).
        // NOTE(review): $html is appended to but not initialised in this file;
        // presumably the including page defines it -- confirm.
        $html .= "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
    }

    // Closes the connection held in $GLOBALS["___mysqli_ston"].
    mysqli_close( $GLOBALS["___mysqli_ston"] );
}
?>