@mamiwinsfall93
Created January 18, 2020 17:05
php
<?php
// Demo page: shows how unsanitized input changes the text of a SQL query.
// The query is only displayed here, never executed.
if (isset($_POST['submit'])) {
    // User input used unmodified: this is the SQL injection flaw being demonstrated
    $name_bad = $_POST['name'] ?? '';
    $query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
    // Display what the new query will look like, with injection.
    // htmlspecialchars() keeps the echoed input from being interpreted as HTML.
    echo "<span style='color:red'>Injection: " . htmlspecialchars($query_bad, ENT_QUOTES, 'UTF-8') . "<br>";
    echo "The injection attack has actually made our query behave differently than we intended. By using a single quote (') the attacker has ended the string part of our MySQL query<br>
username = ' '<br>
and then added on to our WHERE statement with an OR clause of 1 (always true).<br>
username = ' ' OR 1</span><br><br>";
}
?>
<form method="post">
<label>Please enter 'OR 1' (including the single quotes, exactly as shown, i.e. 'OR 1')</label><br>
<input type="text" name="name"><br>
<input type="submit" name="submit" value="submit">
</form>
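
The demo above only prints the altered query. The following added example (not part of the original gist) runs the same concatenated query next to a prepared statement, showing the concatenated form matching every row while the bound parameter is compared as a literal username. Assumptions: the `pdo_sqlite` extension, an in-memory SQLite table with constructed rows, the hypothetical helpers `find_concatenated` and `find_prepared`, and a constructed input string chosen so the resulting SQL is valid in SQLite.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL "customers" table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT)");
// Constructed sample rows.
$pdo->exec("INSERT INTO customers (username) VALUES ('alice'), ('bob'), ('carol')");

// Vulnerable: the input becomes part of the SQL text, exactly like $query_bad.
// A quote in $name ends the string literal and the rest is parsed as SQL.
function find_concatenated(PDO $pdo, string $name): array
{
    $sql = "SELECT username FROM customers WHERE username = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is fixed before any input is seen; the input is sent
// as a bound parameter and can only ever be compared as a value.
function find_prepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare("SELECT username FROM customers WHERE username = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// First input is an ordinary username; the second is a constructed injection string.
$inputs = ["alice", "' OR '1'='1"];

foreach ($inputs as $input) {
    printf("input: %s\n", $input);
    printf("  concatenated -> %d row(s)\n", count(find_concatenated($pdo, $input)));
    printf("  prepared     -> %d row(s)\n", count(find_prepared($pdo, $input)));
}
```

Run it from the command line with `php`; a mismatch between the two row counts for the same input is the signal that the input changed the query's structure.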