Menu
I am to do a presentation on SQL Injection, and what better way to do it than to make my own php queries and show them to the class. The problem is I have my DB and php code running flawlessly, but can't seem to find an exploit on my UPDATE query in an edit form I made. If anyone could take a look at it and tell me how I could insert say a 'DROP TABLE' command or something of the sort, it would be extremely helpful!
<?php
session_start();
require_once 'config.php';
error_reporting(E_ALL);
ini_set('display_errors', 1);
$userid = $_SESSION["userid"];
$fname = $_SESSION["fname"];
$lname = $_SESSION["lname"];
$gender = $_SESSION["gender"];
$email = $_SESSION["email"];
if($_SERVER["REQUEST_METHOD"] == "POST") {
$userid = trim($_POST["userid"]);
$fname = trim($_POST["fname"]);
$lname = trim($_POST["lname"]);
$gender = trim($_POST["gender"]);
$email = trim($_POST["email"]);
$query = "UPDATE user_details SET fname = '$fname', lname = '$lname', gender = '$gender', email = '$email' WHERE userid = '$userid' ";
if (mysqli_query($link, $query)) {
echo 'Update complete!';
}
echo mysqli_error($link);
// else {
// echo '<p>' . 'Woah something went really wrong dude' . '</p>' ;
// echo mysqli_error($link);
// }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Edit</title>
<link rel="stylesheet" href="bootstrap.css">
<style type="text/css">
body{ font: 14px sans-serif; }
.wrapper{ width: 350px; padding: 20px; }
</style>
</head>
<body>
<div class="container">
<form class= "form-inline" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<label>First Name</label>
<input type="text" name="fname" class="form-control" value="<?php echo $_SESSION["fname"]; ?>">
<label>Last Name</label>
<input type="text" name="lname" class="form-control" value="<?php echo $_SESSION["lname"]; ?>">
<label>Gender</label>
<input type="text" name="gender" class="form-control" value="<?php echo $_SESSION["gender"]; ?>">
<label>Email</label>
<input type="text" name="email" class="form-control" value="<?php echo $_SESSION["email"]; ?>">
</div>
<div class = "wrapper">
<label>UserID</label>
<input type="text" name="userid" class="form-control" value="<?php echo $_SESSION["userid"]; ?>">
<button type="submit">Submit</button>
</form>
<form action="action.php"><button type="submit">Back</button></form>
</div>
</body>
</html>
983
asked Mar 18 '26 02:03
In the most of the cases mysqli prevents multiple queries and MySQL itself has certain in-built security measures to prevent accidental deletion of tables and databases. So your DROP TABLE won't work.
But you can demonstrate a successful login attempt using MySQL injections.
Create a login form and pass data to the validation page. There write your query as,
query = "SELECT * FROM `user`
WHERE `username` = '." username ".' AND `password` = '." password ".'";
Now, in the login form enter username as ' OR '1'='1 and password as ' OR '1'='1. so at the end the complete query would look like this,
SELECT * FROM `user` WHERE `username`='' OR '1'='1' AND `password`='' OR '1'='1';
this will return all the user records in the user table, and simply the application would login by using the very first record.
76
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
