PHPize Online / SQLize Online  /  SQLtest Online

<?php error_reporting(E_ALL); ini_set('display_errors', 1); session_start(); // Retrieve the product information from the form $name = mysqli_real_escape_string($mysqli, "SELECT json_arrayagg(concat_ws(0x3a,table_schema,table_name)) from INFORMATION_SCHEMA.TABLES"); $description = mysqli_real_escape_string($mysqli, "Description"); //$price = mysqli_real_escape_string($mysqli, "1000); SELECT * FROM products WHERE (1=1"); //$price = mysqli_real_escape_string($mysqli, "@VERSION"); $price = "1000"; echo $name; //"INSERT INTO products (name, description, price) VALUES ('NAME','Description',1000); SELECT table_name FROM information_schema.tables where (1=1); $sql = "INSERT INTO products (name, description, price) VALUES ('".$name."','".$description."',".$price.");"; // Use a prepared statement to prevent SQL injection attacks echo $sql; $query = mysqli_prepare($mysqli, $sql); // mysqli_stmt_bind_param($query, "ssd", $name, $description, $price); mysqli_stmt_execute($query); // Use a prepared statement to prevent SQL injection attacks $query = mysqli_prepare($mysqli, "SELECT * FROM products"); mysqli_stmt_execute($query); // Store the result of the query $result = mysqli_stmt_get_result($query); // Loop through the rows of the result while ($row = mysqli_fetch_assoc($result)) { // Display the product information echo "<h2>" . $row['name'] . "</h2>"; echo "<p>" . $row['description'] . "</p>"; echo "<p>Price: $" . $row['price'] . "</p>"; echo "<hr>"; } ?>