-- Fixture schema and seed rows for the product-listing script (MySQL dialect: AUTO_INCREMENT).

-- Catalogue table that the script inserts into and lists.
CREATE TABLE products (
    Id          INTEGER PRIMARY KEY AUTO_INCREMENT,
    name        TEXT NOT NULL,
    description TEXT NOT NULL,
    price       REAL NOT NULL  -- NOTE(review): REAL is approximate; an exact DECIMAL is the usual choice for prices
);

-- Account table. The admin column is an integer flag that defaults to 0.
CREATE TABLE users (
    id       INTEGER PRIMARY KEY AUTO_INCREMENT,
    username TEXT NOT NULL,
    password TEXT NOT NULL,  -- NOTE(review): the seed row below stores this value in clear text; a real table would hold a salted password hash
    email    TEXT NOT NULL,
    admin    INTEGER NOT NULL DEFAULT 0
);

-- One administrator account (admin = 1) as seed data.
INSERT INTO users (username, password, email, admin)
VALUES ('admin', 'admin', 'admin@localhost', 1);

-- One sample product.
INSERT INTO products (name, description, price)
VALUES ('Prueba', 'Prueba', 1000);

-- Length of one username; with no ORDER BY the row chosen is up to the engine
-- (only one row exists in this fixture).
SELECT LENGTH(username)
FROM users
LIMIT 1;
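<?php
// Insert one product and list the products table.
//
// The earlier version of this script built the INSERT by string concatenation
// and left the bind call commented out, so "prepared statement" was true in
// name only: the statement text itself already contained the input. Here every
// value travels as a bound parameter and the statement text is a constant.

// Errors are printed into the page, which suits a sandbox; turn display_errors
// off wherever the output can reach other users, since messages can reveal
// schema and path details.
error_reporting(E_ALL);
ini_set('display_errors', 1);
session_start();

// NOTE(review): $mysqli is never created in this script; it is assumed to be a
// connected mysqli handle supplied by the hosting environment. Confirm.

// Product fields standing in for form input. They are not passed through
// mysqli_real_escape_string: bound parameters need no escaping, and escaping
// them first would store the backslashes as data.
$name = "Name";
$description = "version()";
// Non-numeric test value kept from the original script. Escaping would not
// have helped here: price was concatenated without quotes, so its text was
// parsed as SQL instead of being stored as data.
$price = "(SELECT length(username) FROM users LIMIT 1)";

echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

// Validate the numeric field before it gets anywhere near the database.
if (!is_numeric($price)) {
    echo '<p>Rejected: price must be a number.</p>';
} else {
    $sql = "INSERT INTO products (name, description, price) VALUES (?, ?, ?)";
    echo htmlspecialchars($sql, ENT_QUOTES, 'UTF-8');

    $query = mysqli_prepare($mysqli, $sql);
    if ($query === false) {
        // mysqli_prepare() returns false on failure when exceptions are not enabled.
        echo '<p>Could not prepare the insert statement.</p>';
    } else {
        // bind_param takes its arguments by reference, so the cast needs a variable.
        $priceValue = (float) $price;
        mysqli_stmt_bind_param($query, "ssd", $name, $description, $priceValue);
        mysqli_stmt_execute($query);
        mysqli_stmt_close($query);
    }
}

// Read back only the columns that are displayed.
$query = mysqli_prepare($mysqli, "SELECT name, description, price FROM products");
if ($query === false) {
    echo '<p>Could not prepare the product listing.</p>';
} else {
    mysqli_stmt_execute($query);

    // Store the result of the query
    $result = mysqli_stmt_get_result($query);

    // Stored values are data, not markup: encode them on output so that text
    // saved in a product row cannot run as HTML or script in the page.
    while ($row = mysqli_fetch_assoc($result)) {
        echo '<h2>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '</h2>';
        echo '<p>' . htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8') . '</p>';
        echo '<p>Price: $' . htmlspecialchars((string) $row['price'], ENT_QUOTES, 'UTF-8') . '</p>';
        echo '<hr>';
    }
    mysqli_stmt_close($query);
}
?>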