docker-vulnerable-dvwa/dvwa/vulnerabilities/sqli/source/impossible.php

<?php

if( isset( $_GET[ 'Submit' ] ) ) {
	// Check Anti-CSRF token
	checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );

	// Get input
	$id = $_GET[ 'id' ];

	// Was a number entered?
	if(is_numeric( $id )) {
		// Check the database
		$data = $db->prepare( 'SELECT first_name, last_name FROM users WHERE user_id = (:id) LIMIT 1;' );
		$data->bindParam( ':id', $id, PDO::PARAM_INT );
		$data->execute();
		$row = $data->fetch();

		// Make sure only 1 result is returned
		if( $data->rowCount() == 1 ) {
			// Get values
			$first = $row[ 'first_name' ];
			$last  = $row[ 'last_name' ];

			// Feedback for end user
			$html .= "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
		}
	}
}

// Generate Anti-CSRF token
generateSessionToken();

?>
first commit 2016-12-02 19:19:11 +00:00			`<?php`

			`if( isset( $_GET[ 'Submit' ] ) ) {`
			`// Check Anti-CSRF token`
			`checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );`

			`// Get input`
			`$id = $_GET[ 'id' ];`

			`// Was a number entered?`
			`if(is_numeric( $id )) {`
			`// Check the database`
			`$data = $db->prepare( 'SELECT first_name, last_name FROM users WHERE user_id = (:id) LIMIT 1;' );`
			`$data->bindParam( ':id', $id, PDO::PARAM_INT );`
			`$data->execute();`
			`$row = $data->fetch();`

			`// Make sure only 1 result is returned`
			`if( $data->rowCount() == 1 ) {`
			`// Get values`
			`$first = $row[ 'first_name' ];`
			`$last = $row[ 'last_name' ];`

			`// Feedback for end user`
			`$html .= "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";`
			`}`
			`}`
			`}`

			`// Generate Anti-CSRF token`
			`generateSessionToken();`

			`?>`