<?php
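// Create the lab's `users` table if it does not exist yet (one statement, sent
// through mysqli::query(), which never executes more than one statement).
// NOTE(review): the INSERTs later in this script put plaintext values into
// `pass`. Outside a lab, store password_hash() output there and verify it with
// password_verify().
// The return value is now checked: the rest of the script depends on this
// table, so a failed CREATE should stop the run instead of being ignored.
$mysqli->query("CREATE TABLE IF NOT EXISTS users (
username char(20) NOT NULL,
pass varchar(128) NOT NULL,
fname varchar(25) NOT NULL,
lname varchar(25) NOT NULL,
extra varchar(64) NOT NULL DEFAULT 0 COMMENT 'if needed in the future',
extra2 varchar(160) NOT NULL DEFAULT 0 COMMENT 'if you need 2',
PRIMARY KEY (username)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='Table containing user information. username should be unique';
") or die($mysqli->error);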
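// Stand-in for an untrusted "username" field in this lab. The value closes the
// quoted literal of the lookup query below and carries extra statements, which
// is only possible because that query is built by concatenation AND sent
// through multi_query().
$cur_answer = "
' AND 1=2;
INSERT INTO users (username, pass, fname, lname) VALUES
('qmp210000', 'abc', 'quan', 'pham');
SELECT * FROM users WHERE username = 'qmp210000';
SELECT * FROM users WHERE username = '
";

// Seed two known accounts. The result is not checked; on a re-run these rows
// already exist and the PRIMARY KEY on username rejects the statement.
$mysqli->query("INSERT INTO users (username, pass, fname, lname) VALUES
('dda', 'abc', 'bruh', 'momet'),
('ggx', 'dec', 'go', 'gate');");

// DELIBERATELY VULNERABLE (lab demonstration): $cur_answer is concatenated
// into the SQL text, and multi_query() executes every ';'-separated statement
// it receives. Mitigation for real code: never build the statement from input
// and never use multi_query() for it. Bind the value instead, e.g.
//   $stmt = $mysqli->prepare('SELECT * FROM users WHERE username = ?');
//   $stmt->bind_param('s', $cur_answer);
//   $stmt->execute();
// A prepared statement holds exactly one statement and treats the bound value
// as data, so neither the quote break-out nor the stacked statements work.
//
// Fix: the failure branch called mysql_error(), which belongs to the removed
// ext/mysql extension and knows nothing about this mysqli connection; use the
// connection's own error string. Outside a lab, log it rather than printing it.
$mysqli->multi_query("SELECT * FROM users WHERE username = '"
    . $cur_answer .
    "'") or die($mysqli->error);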
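// Decide the "login" outcome from the FIRST result set of the batch only.
// store_result() returns false when there is no result set to fetch, so it is
// checked before fetch_row() is called on it (the original chained the calls
// and would fail with a fatal error in that case).
$first_result = $mysqli->store_result();
$result = $first_result ? $first_result->fetch_row() : null;
if ($first_result) {
    // The row has been copied out; release the buffered result set.
    $first_result->free();
}

if ($result) {
    // Column 1 is `pass`. Strict comparison avoids PHP's loose-equality rules.
    // NOTE(review): this compares a stored plaintext password with a fixed
    // literal; real code should call password_verify() on a stored hash.
    if ($result[1] !== "abc") {
        die("<p>password wrong but not really</p>");
    }
    $hour = time() + 3600;
    // Fix: the cookie names were bare words (undefined constants), which is an
    // Error on PHP 8; they are now quoted strings.
    // NOTE(review): $passwordHash is not assigned anywhere in the visible
    // script - confirm it is set before this point.
    // NOTE(review): these cookies carry the username and a password hash to the
    // client with no HttpOnly/Secure attributes; anyone who can read or forge
    // them holds the login. A server-side session is the safer design.
    setcookie('hackme', $_POST['username'], $hour);
    setcookie('hackme_pass', $passwordHash, $hour);
    header("Location: members.php");
    // Stop here so nothing below (the table dumps) is sent along with the redirect.
    exit;
} else {
    echo "<p>Sorry, user name does not exisits.</p>";
}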
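// Walk the remaining result sets of the multi_query() batch and print the
// first four columns of every row. In this lab that output is what shows
// whether the extra statements carried by the input were executed.
// NOTE(review): column 1 is `pass`, so this dumps stored passwords; keep it to
// the lab.
do {
    $result = $mysqli->store_result();
    if ($result) {
        while ($row = $result->fetch_row()) {
            // Row values originate from input, so escape them before they are
            // written into the HTML response.
            printf(
                "%s, %s, %s, %s\n",
                htmlspecialchars((string) $row[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                htmlspecialchars((string) $row[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                htmlspecialchars((string) $row[2], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                htmlspecialchars((string) $row[3], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            );
        }
        // Fix: free each result set as soon as it is consumed. The original
        // freed only whatever $result held after the loop, which is false when
        // the last statement returned no result set (a TypeError on PHP 8).
        $result->free();
    }
    // more_results() first, so next_result() is never called past the end.
} while ($mysqli->more_results() && $mysqli->next_result());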
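// Verification pass: list the whole table, then look up the one username that
// only exists if the injected INSERT above was executed. The SQL text here is
// a constant, so multi_query() carries no input-controlled statements.
if (!$mysqli->multi_query("SELECT * FROM users; SELECT * FROM users WHERE username = 'qmp210000'")) {
    // Previously unchecked; report the failure the same way the script does elsewhere.
    die($mysqli->error);
}
do {
    $result = $mysqli->store_result();
    if ($result) {
        while ($row = $result->fetch_row()) {
            // Stored values may contain markup; escape before printing into HTML.
            // NOTE(review): column 1 is `pass` - lab-only output.
            printf(
                "%s, %s, %s, %s\n",
                htmlspecialchars((string) $row[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                htmlspecialchars((string) $row[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                htmlspecialchars((string) $row[2], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                htmlspecialchars((string) $row[3], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            );
        }
        // Fix: free every result set inside the loop instead of calling
        // mysqli_free_result() once afterwards on a value that may be false.
        $result->free();
    }
    // Check more_results() so next_result() is not called past the last set.
} while ($mysqli->more_results() && $mysqli->next_result());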
?>