PHPize Online / SQLize Online  /  SQLtest Online

A A A
Share      Blog   Popular
Copy Format Clear
CREATE TABLE users ( id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(255) NOT NULL, email VARCHAR(255) UNIQUE NOT NULL, password VARCHAR(255) NOT NULL );
Copy Clear
Copy Format Clear
<?php if (isset($_GET['showsource'])) { highlight_file(__FILE__); exit(); } $dsn = "mysql:host=$host;dbname=$db;charset=$charset"; $options = [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, ]; try { $pdo = $pdo; } catch (\PDOException $e) { exit("Unable to connect to DB"); } $max = 10; if (isset($_GET['max']) && !is_array($_GET['max']) && $_GET['max']>0) { $max = $_GET['max']; $words = ["'","\"",";","`"," ","a","b","h","k","p","v","x","or","if","case","in","between","join","json","set","=","|","&","%","+","-","<",">","#","/","\r","\n","\t","\v","\f"]; // list of characters to check foreach ($words as $w) { if (preg_match("#".preg_quote($w)."#i", $max)) { exit("H4ckerzzzz"); } //no weird chars } } try{ //seen in production $stmt = $pdo->prepare("SELECT id, name, email FROM users WHERE id<=$max"); $stmt->execute(); $results = $stmt->fetchAll(); } catch(\PDOException $e){ exit("ERROR: BROKEN QUERY"); } /* FYI CREATE TABLE users ( id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(255) NOT NULL, email VARCHAR(255) UNIQUE NOT NULL, password VARCHAR(255) NOT NULL ); */ ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Utenti</title> <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" rel="stylesheet"> </head> <div class="container mt-5"> <h2>Users</h2> <table class="table table-bordered"> <thead> <tr> <th>ID</th> <th>Name</th> <th>Email</th> </tr> </thead> <tbody> <?php foreach ($results as $row): ?> <tr> <td><?= htmlspecialchars(strpos($row['id'],"INTIGRITI")===false?$row['id']:"REDACTED"); ?></td> <td><?= htmlspecialchars(strpos($row['name'],"INTIGRITI")===false?$row['name']:"REDACTED"); ?></td> <td><?= htmlspecialchars(strpos($row['email'],"INTIGRITI")===false?$row['email']:"REDACTED"); ?></td> </tr> <?php endforeach; ?> </tbody> </table> <div class="text-center mt-4"> <!-- Show Source Button --> <a href="?showsource=1" class="btn btn-primary">Show Source</a> </div> </div> <!-- including Bootstrap e jQuery --> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> </body> </html>
Show:  
Copy Clear