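<?php
// Lab script: lists the cars that belong to one user, filtered by the
// car_name request parameter, and dumps each matching row.
//
// The lookup runs as a prepared statement over PDO. The earlier version
// interpolated $_GET['car_name'] straight into the SQL string, so the request
// could change the structure of the statement; with bound parameters the
// value is only ever treated as data. PDO also replaces the mysql_* functions,
// which were removed in PHP 7.0.

// Connection settings. root/root is a lab-only default: a deployed script
// should connect with a dedicated least-privilege account and load its
// credentials from configuration kept outside the web root.
$user = 'root';
$password = 'root';
$db = 'SQL-Injection';
$host = 'localhost';
$port = 3306;

// car_name is untrusted input. Accept a plain string only; a missing or
// array-valued parameter becomes '' and simply matches no rows.
$carName = '';
if (isset($_GET['car_name']) && is_string($_GET['car_name'])) {
    $carName = $_GET['car_name'];
}

$userId = 1;

// The statement text is constant; only the bound values vary per request.
$query = 'SELECT id, user_id, car_name, car_model, car_model_year'
    . ' FROM cars WHERE user_id = :user_id AND car_name = :car_name';

try {
    $link = new PDO(
        "mysql:host=$host;port=$port;dbname=$db;charset=utf8mb4",
        $user,
        $password,
        [
            // Raise exceptions instead of returning false on failure.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use server-side prepares so values never pass through
            // client-side string substitution.
            PDO::ATTR_EMULATE_PREPARES => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
    );

    // Debug aid kept from the lab: shows the statement template only, never
    // the request value. Remove it anywhere outside a test environment.
    print_r($query);

    $statement = $link->prepare($query);
    $statement->bindValue(':user_id', $userId, PDO::PARAM_INT);
    $statement->bindValue(':car_name', $carName, PDO::PARAM_STR);
    $statement->execute();

    // Column values come from the database and may contain markup, so they
    // are HTML-escaped before being written into the page.
    while ($row = $statement->fetch()) {
        echo '<pre>';
        echo htmlspecialchars(print_r($row, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '</pre>';
    }
} catch (PDOException $e) {
    // Driver messages can reveal schema and query details: keep them in the
    // server log and send the client a generic error.
    error_log('car lookup failed: ' . $e->getMessage());
    if (!headers_sent()) {
        http_response_code(500);
    }
    die('<p>Error: the request could not be completed</p>');
}

// The earlier second pass over the result set was dropped: the first loop had
// already consumed every row and it compared against an undefined $rowcount,
// so it never produced output.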