@AlphaRomeoMike
Last active December 16, 2023 19:36
An example of a PHP-based SQL injection attack
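<?php
// Report mysqli errors as exceptions so a failed query cannot pass silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');

// Prepared statement: the SQL text is fixed and the values are sent separately as bound parameters.
$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
// 'sssd' = three strings and one double. bind_param() binds by reference,
// so the variables can be assigned after binding, as long as it happens before execute().
$stmt->bind_param('sssd', $code, $language, $official, $percent);
$code = 'DEU';
$language = 'Bavarian';
$official = "F";
$percent = 11.2;
$stmt->execute();
printf("%d row inserted.\n", $stmt->affected_rows);

/* Clean up table CountryLanguage */
$mysqli->query("DELETE FROM CountryLanguage WHERE Language='Bavarian'");
printf("%d row deleted.\n", $mysqli->affected_rows);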