SQL inejction niet veilig
Veilige versie
Mysql script
Geef gebruikersnaam en wachtwoord:
<?php
include('../connecti.php');
?>
<html>
<head>
<meta content='text/html; charset=utf8' http-equiv='Content-Type' />
<title></title>
</head>
<body>
<h1>SQL inejction niet veilig</h1>
<a href="safe.php">Veilige versie</a></br>
<a href="db.sql">Mysql script</a></br>
<br>Geef gebruikersnaam en wachtwoord:<br>
<form action=<?php echo $_SERVER['SCRIPT_NAME']; ?> method='post'>
Gebruikersnaam: (pietp) <input type='text' name='username'><br>
Wachtwoord: (Test123) <input type='text' name='password' size='50' value="'OR' 1=1"><br>
Hack met: ' OR '1=1
<br><input type='submit' value='ok'>
</form>
<?php
$query = '';
if (!empty($_POST))
{
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM mytable WHERE username ='$username' AND password = '$password'";
echo'<br>' . $query . '<br>';
$result = $mysqli->query($query);
while($row = $result->fetch_assoc())
{
echo $row['id'] . ' | ' . $row['username'] .' | ' . $row['password'] .' | ' . $row['email'] . '<br>';
}
}
show_source(__FILE__);
?>
</body>
</html>