Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $user = 'root';
- $password = 'root';
- $db = 'SQL-Injection';
- $host = 'localhost';
- $port = 3306;
- $link = mysql_connect(
- "$host:$port",
- $user,
- $password
- );
- $db_selected = mysql_select_db(
- $db,
- $link
- );
- // dynamically build the sql statement with the input
- $query = "SELECT COUNT(user_id) FROM cars WHERE car_name = '$_GET[car_name]'";
- // execute the query against the database
- $result = mysql_fetch_row(mysql_query($query));
- if ($result[0]) {
- print_r($result[0] . ' cars');
- } else {
- print_r('Nothing to show');
- }
Add Comment
Please, Sign In to add comment