-- Demo fixture: three sample accounts queried by the PHP snippet on this page.
-- NOTE(review): the password column holds the values in clear text, which is
-- acceptable only for a throwaway demo table; a real schema would store a
-- salted password hash in a wider column.
CREATE TABLE scientist (
    id        INTEGER,
    firstname VARCHAR(100),
    lastname  VARCHAR(100),
    password  VARCHAR(8)
);

-- Same three rows as before, loaded with a single multi-row INSERT.
INSERT INTO scientist (id, firstname, lastname, password)
VALUES
    (1, 'albert', 'einstein', 'emc2'),
    (2, 'isaac', 'newton', 'force'),
    (3, 'marie', 'curie', 'glowin');

-- Columns listed in table order, so the output matches SELECT *.
SELECT
    id,
    firstname,
    lastname,
    password
FROM scientist;
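<?php
// Login lookup against the scientist demo table.
//
// Sample input from the page: the username carries a single quote and a
// trailing '#'. When it was concatenated into the SQL text it became part of
// the statement instead of being compared as a name.
$username = "albert' or firstname <> 'albert'#";
$password = "";

// strpos() returns the match offset (0 when the quote is the first character)
// or false, so the result has to be compared with false explicitly.
// This check is a diagnostic only: filtering characters is not the defence
// (it also rejects legitimate names such as O'Brien). The bound parameters
// below are what keep the input out of the SQL grammar.
if (strpos($username, "'") !== false) {
    printf('ERROR BAD CHAR!' . PHP_EOL);
}

// The statement text is constant; user-supplied values travel separately as
// bound parameters and are never spliced into the query string.
// NOTE(review): the table stores and compares passwords in clear text. Outside
// a demo, store a hash from password_hash() and check it with password_verify().
$query = 'SELECT id, firstname, lastname, password FROM scientist WHERE firstname = ? AND password = ?';
printf('Query is: %s ' . PHP_EOL, $query);

// $mysqli is not defined in this snippet; it is expected to be a connected
// mysqli handle supplied by the surrounding environment.
$stmt = $mysqli->prepare($query);
if ($stmt === false) {
    printf('Query could not be prepared.' . PHP_EOL);
} else {
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    // Buffer the result so num_rows is available before fetching.
    $stmt->store_result();

    printf('Result is:' . PHP_EOL);
    if ($stmt->num_rows === 0) {
        printf('<nothing>' . PHP_EOL);
    } else {
        // Separate variable for the stored password so the bound input
        // parameter $password is not overwritten while rows are read.
        $stmt->bind_result($id, $firstname, $lastname, $rowPassword);
        while ($stmt->fetch()) {
            echo "$firstname - $lastname - $rowPassword" . "\r\n";
        }
    }
    $stmt->close();
}
?>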