docker-vulnerable-dvwa/dvwa/vulnerabilities/sqli_blind/source/low.php

29 lines
822 B
PHP
Raw Normal View History

2016-12-02 19:19:11 +00:00
<?php
if( isset( $_GET[ 'Submit' ] ) ) {
// Get input
$id = $_GET[ 'id' ];
// Check database
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
2018-10-12 15:49:58 +00:00
$result = mysqli_query($GLOBALS["___mysqli_ston"], $getid ); // Removed 'or die' to suppress mysql errors
2016-12-02 19:19:11 +00:00
// Get results
2018-10-12 15:49:58 +00:00
$num = @mysqli_num_rows( $result ); // The '@' character suppresses errors
2016-12-02 19:19:11 +00:00
if( $num > 0 ) {
// Feedback for end user
$html .= '<pre>User ID exists in the database.</pre>';
}
else {
// User wasn't found, so the page wasn't!
header( $_SERVER[ 'SERVER_PROTOCOL' ] . ' 404 Not Found' );
// Feedback for end user
$html .= '<pre>User ID is MISSING from the database.</pre>';
}
2018-10-12 15:49:58 +00:00
((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
2016-12-02 19:19:11 +00:00
}
?>