Created
November 21, 2015 07:44
-
-
Save slaxit32/06c5289a381d51b47511 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>test sql injection</title> | |
</head> | |
<body> | |
<form action="index.php" method="get"> | |
User Name : | |
<input type="text" name="un"> | |
Password : | |
<input type="text" name="pw"> | |
<input type="submit" value="Submit"> | |
</form> | |
<?php | |
$servername = "localhost"; | |
$username = "root"; | |
$password = ""; | |
$dbname = "testsql"; | |
@$user_name=$_GET['un'];//variable for get username from html form | |
@$pass_word=$_GET['pw'];//variable for get password from html form | |
// Create connection | |
$conn = mysqli_connect($servername, $username, $password, $dbname); | |
// Check connection | |
if (!$conn) { | |
die("Connection failed: " . mysqli_connect_error()); | |
} | |
//query to check username and password | |
$sql = "SELECT * FROM testtable WHERE user='$user_name' AND pass='$pass_word'"; | |
if (mysqli_query($conn, $sql)) { | |
//checking username and password | |
$un_and_pass_check=mysqli_query($conn, $sql); | |
//if there is a match it will return 1 | |
$check=mysqli_num_rows($un_and_pass_check); | |
//if there is a match display login ok | |
echo "<br><br><br>"; | |
if ($check) { | |
echo "login ok"; | |
} | |
//user name and password do not match display error | |
else{ | |
echo "username and password error"; | |
} | |
} | |
else { | |
echo "Error: " . $sql . "<br>" . mysqli_error($conn); | |
} | |
echo "<br><br><br><br>"; | |
//preview mysql query for better analysis | |
echo "<b>preview mysql query</b> <br><br>"; | |
echo $sql; | |
mysqli_close($conn); | |
?> | |
</body> | |
</html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment