PHPize Online / SQLize Online  /  SQLtest Online

A A A
Share      Blog   Popular
Copy Format Clear
CREATE TABLE users ( id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(255) NOT NULL, email VARCHAR(255) UNIQUE NOT NULL, password VARCHAR(255) NOT NULL );
Copy Clear
Copy Format Clear
<?php if (isset($_GET['showsource'])) { highlight_file(__FILE__); exit(); } require_once("config.php"); $dsn = "mysql:host=$host;dbname=$db;charset=$charset"; $options = [ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, ]; try { $pdo = $pdo } catch (\PDOException $e) { exit("Unable to connect to DB"); } $max = 10; if (isset($_GET['max']) && !is_array($_GET['max']) && $_GET['max']>0) { $max = $_GET['max']; $words = ["'","\"",";","`"," ","a","b","h","k","p","v","x","or","if","case","in","between","join","json","set","=","|","&","%","+","-","<",">","#","/","\r","\n","\t","\v","\f"]; // list of characters to check foreach ($words as $w) { if (preg_match("#".preg_quote($w)."#i", $max)) { exit("H4ckerzzzz"); } //no weird chars } } try{ //seen in production $stmt = $pdo->prepare("SELECT id, name, email FROM users WHERE id<=$max"); $stmt->execute(); $results = $stmt->fetchAll(); } catch(\PDOException $e){ exit("ERROR: BROKEN QUERY"); } /* FYI CREATE TABLE users ( id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(255) NOT NULL, email VARCHAR(255) UNIQUE NOT NULL, password VARCHAR(255) NOT NULL ); */ ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Utenti</title> <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" rel="stylesheet"> </head> <div class="container mt-5"> <h2>Users</h2> <table class="table table-bordered"> <thead> <tr> <th>ID</th> <th>Name</th> <th>Email</th> </tr> </thead> <tbody> <?php foreach ($results as $row): ?> <tr> <td><?= htmlspecialchars(strpos($row['id'],"INTIGRITI")===false?$row['id']:"REDACTED"); ?></td> <td><?= htmlspecialchars(strpos($row['name'],"INTIGRITI")===false?$row['name']:"REDACTED"); ?></td> <td><?= htmlspecialchars(strpos($row['email'],"INTIGRITI")===false?$row['email']:"REDACTED"); ?></td> </tr> <?php endforeach; ?> </tbody> </table> <div class="text-center mt-4"> <!-- Show Source Button --> <a href="?showsource=1" class="btn btn-primary">Show Source</a> </div> </div> <!-- including Bootstrap e jQuery --> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> </body> </html>
Show:  
Copy Clear
Like the site? Share it!
Have a questions? Ask in our telegram chat!
© 2024 PHPize - format run and share PHP code with SQL queries online | About project | Disclaimer
PHP versions: PHP 5.6, PHP 7.4, PHP 8.0, PHP 8.1, PHP 8.2.13
RDBMS versions: MySQL 5.7, MySQL 5.7 Sakila (ReadOnly), MySQL 8.0, MySQL 8.0 Sakila (ReadOnly), MariaDB 10, MariaDB 10 Sakila (ReadOnly), SQLite 3, PostgreSQL 10 Bookings (ReadOnly), PostgreSQL 11, PostgreSQL 12, PostgreSQL 13, PostgreSQL 14, PostgreSQL 15, MS SQL Server 2017, MS SQL Server 2019, MS SQL Server 2022, MS SQL Server 2022 AdventureWorks (ReadOnly), Firebird 4.0, Firebird 4.0 (Employee), Oracle Database 19c (HR), Oracle Database 21c, Oracle Database 23c Free, SOQOL