Created
January 25, 2024 02:37
-
-
Save Bujhm/08f65fb5bbca661ce0b680075930e596 to your computer and use it in GitHub Desktop.
security vulnerable php code (old)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Code with the security issue | |
| // Connect to the database | |
| $mysqli = new mysqli ("localhost", "username", "password", "database"); | |
| // Check for errors | |
| if ($mysqli->connect_error) { | |
| die("Connection failed: ". $mysqli->connect_error);} | |
| // Get the user input from a GET request | |
| $user_id = $_GET['user_id']; | |
| // SQL query | |
| $sql = "SELECT username, email FROM users WHERE id = $user_id"; | |
| $result = $mysqli->query($sql); | |
| // Fetch results | |
| if ($result->num_rows > 0) { | |
| while ($row = $result->fetch_assoc()) { | |
| echo "Username: " . $row["username"]. " - Email: " . $row["email"] . "<br> "; | |
| } | |
| } else { | |
| echo "0 results"; | |
| } | |
| $mysqli->close(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment