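<?php
// Look up one row of `users` by numeric id and render it as HTML.
//
// The id comes from the query string and is attacker-controlled, so it is
// (1) validated as a whole-string run of ASCII digits and (2) handed to MySQL
// as a bound parameter instead of being spliced into the SQL text.
// Validation alone is not the defence; the prepared statement is.

$id = $_GET['id'] ?? '';

// An array-style parameter (?id[]=...) arrives as an array, which the string
// functions below cannot handle; reject it with the same message as bad input.
if (!is_string($id)) {
    die('Lucifear!!!');
}

// Kept from the original: spaces are stripped before validation.
$id = str_replace(' ', '', $id);

// \A and \z anchor to the real start and end of the string. The previous
// pattern, /^\d+$/m, anchored per line, so a multi-line value was accepted as
// soon as any single line was all digits, and the rest reached the query.
// A bare `$` (even without /m) also tolerates a trailing newline.
// The follow-up preg_replace('/^[^\d]+$/', ...) never altered such a value and
// is dropped: nothing is "cleaned", input is either valid or rejected.
if (preg_match('/\A\d+\z/', $id) !== 1) {
    die('Lucifear!!!');
}

try {
    // Credentials are inline as on the original page. Outside a lab, load them
    // from configuration and use an account limited to SELECT on this table.
    $db = new PDO('mysql:dbname=pentest;host=127.0.0.1', 'pentest', '***', [
        // Report failures as exceptions so none is silently ignored.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Use server-side prepares: the value travels separately from the SQL.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);

    // Only the two columns the template prints are selected.
    $statement = $db->prepare('SELECT `user`, `pass` FROM `users` WHERE `id` = ?');
    $statement->execute([$id]);
    $records = $statement->fetchAll(PDO::FETCH_OBJ);
} catch (PDOException $e) {
    // Generic message only: driver errors can reveal schema and connection details.
    die('Lucifear!!');
}

// NOTE(review): the `pass` column is rendered to the browser. Confirm that is
// intended, and that stored values are password hashes rather than plaintext.
// Every database value is HTML-escaped: stored data is untrusted in this
// context too (stored XSS).
foreach ($records as $record): ?>
<strong>Username:</strong> <?= htmlspecialchars((string) $record->user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?><br />
<strong>Passname:</strong> <?= htmlspecialchars((string) $record->pass, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>
<hr>
<?php endforeach; ?>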