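<?php
// Database connection settings.
// Normally kept in a separate file and include()d / require()d from here.
//
// NOTE(review): the hard-coded defaults below — root with an empty password
// against a local server — are only acceptable for a throw-away injection
// lab. Each value is read from the environment first (DB_NAME, DB_HOST,
// DB_USER, DB_PASSWORD) so real credentials never have to be committed to
// source; the literal is used only when the variable is not set at all.
// The constant names and their default values are unchanged.
$dbName = getenv('DB_NAME');
$dbHost = getenv('DB_HOST');
$dbUser = getenv('DB_USER');
$dbPass = getenv('DB_PASSWORD');

define('NAME',   $dbName !== false ? $dbName : "sqltest");
define('SERVER', $dbHost !== false ? $dbHost : "127.0.0.1");
define('USER',   $dbUser !== false ? $dbUser : "root");
define('PWD',    $dbPass !== false ? $dbPass : "");

// Do not leave the raw credential strings lying around in the page scope.
unset($dbName, $dbHost, $dbUser, $dbPass);
?>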
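<!doctype html>
<html lang="es"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>
Test SQL injection
</title>
</head>
<body>
<h2>Formulario</h2>
<!-- Both fields are posted back to this same page and echoed below, so
     whatever is typed here is untrusted input on the server side. -->
<form name="login" action="index.php" method="POST" accept-charset="utf-8">
<ul>
<li><label for="username">username</label>
<input type="text" id="username" name="username" placeholder="your username" required></li>
<li><label for="password">Password</label>
<!-- type="password" keeps the secret off the screen and out of the browser's
     plain-text form history; the field name posted to the server is unchanged. -->
<input type="password" id="password" name="password" placeholder="password" required></li>
<li>
<input type="submit" value="Login"></li>
</ul>
</form>
<h2>Datos POST</h2>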
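<?php
// Read the submitted credentials. The isset()/is_string() guard avoids an
// "undefined index" notice on the initial GET request and rejects array
// values (username[]=x), which would otherwise reach the string functions
// below. Both values are attacker-controlled and are treated as untrusted
// everywhere in this page.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Escape a value for output inside HTML. The raw POST values, the DB error
// text and the print_r() dumps used to be echoed unescaped, which made this
// page vulnerable to reflected XSS on top of the SQL injection it is meant
// to demonstrate.
function escapeHtml($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Strict comparison so a user literally named "0" is not treated as empty.
if ($username !== '' && $password !== '') {
    // Echoing the password back is only acceptable in this lab page; a real
    // application must never reflect a credential.
    echo 'Usuario: ' . escapeHtml($username);
    echo '<br>Password: ' . escapeHtml($password);
?>
<h2>Datos seleccionados de la BD sin filtrar los datos de entrada</h2>
<?php
//******************************************************* METODO VULNERABLE **//
// INTENTIONALLY VULNERABLE: the user input is concatenated straight into the
// SQL text, so a username such as  ' OR 1=1 --  bypasses the password check.
// Kept exactly like this because that is what the page demonstrates.
// NOTE(review): the mysql_* extension was removed in PHP 7, so this branch
// only runs on PHP 5.x.
$connect = mysql_connect(SERVER, USER, PWD)
    or die("Error while connecting to database");
mysql_select_db(NAME, $connect)
    or die("Error while select database");
$sql = "select id, username, password from usuarios
where username='$username' and password='$password'";
$result = mysql_query($sql, $connect)
    // Deliberately shows the DB error and the final query so the injection
    // is visible; escaped so the reflected input cannot run as script.
    or die(escapeHtml(mysql_error()) . '<br>' . escapeHtml($sql));
$matriz = array();
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
    $matriz[] = $row;
}
mysql_free_result($result);
// Close only after the result set has been consumed.
mysql_close($connect);
echo 'Filas: ' . count($matriz);
echo '<pre>' . escapeHtml(print_r($matriz, true)) . '</pre>';
$matriz = null;
?>
<h2>Datos seleccionados de la BD filtrando los datos de entrada</h2>
<?php
//*********************************************************** METODO SEGURO **//
// Parameterised query: the values travel separately from the SQL text and
// can never change its structure. The connection charset is declared in the
// DSN so the driver agrees with the page encoding, and emulated prepares
// are disabled so the binding is done by MySQL itself rather than by
// client-side escaping. Errors are raised as exceptions instead of leaving
// $statement as false.
$pdo = new PDO(
    'mysql:host=' . SERVER . ';dbname=' . NAME . ';charset=utf8',
    USER,
    PWD,
    array(
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    )
);
$statement = $pdo->prepare("select id, username, password from usuarios
where username=? and password=?");
// Values passed to execute() are bound as strings; no escaping is needed
// (or possible) on our side. The length argument previously given to
// bindParam() only applies to output parameters and did nothing here.
// NOTE(review): the table stores plaintext passwords and compares them in
// SQL; a real login should store password_hash() output and verify it with
// password_verify() after fetching the row by username alone.
$statement->execute(array($username, $password));
$result = $statement->fetchAll(PDO::FETCH_ASSOC);
$statement->closeCursor();
// Was count($matriz), which had already been set to null above and so
// always printed 0 (and throws a TypeError on PHP 8).
echo 'Filas: ' . count($result);
echo '<pre>' . escapeHtml(print_r($result, true)) . '</pre>';
}
?>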
</body>
</html>