- <?php
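// Database connection settings.
// NOTE(review): the credentials are hard-coded and use the MySQL root account
// with an empty password. Before this leaves a throw-away test box, load them
// from configuration outside the web root (or the environment) and connect as
// an account that has only the privileges this page needs.
$host = "localhost";
$user = "root";
$password = "";
$database = "test";

// mysqli reports a failed connection either by returning false or, when
// exception reporting is enabled (the default since PHP 8.1), by throwing
// mysqli_sql_exception. Handle both so the failure path below is always reached.
try {
    $con = mysqli_connect($host, $user, $password, $database);
} catch (mysqli_sql_exception $e) {
    $con = false;
}

session_start();

if (!$con) {
    // Keep driver diagnostics in the server log; the client only needs to know
    // that the request failed, not which backend error number was returned.
    error_log('MySQL connection failed, errno ' . mysqli_connect_errno());
    http_response_code(500);
    echo "Error: Unable to connect to MySQL." . PHP_EOL;
    exit;
}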
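/**
 * Rejects input containing a quote character or one of a few SQL keywords.
 *
 * This is a deny-list and must not be treated as the SQL injection defence:
 * it rejects legitimate values that merely contain a listed word, and a list
 * of forbidden substrings cannot enumerate every way input can change the
 * meaning of a statement. Queries that use the returned value should still
 * bind it as a parameter of a prepared statement.
 *
 * On rejection the function prints a JSON error object and returns null; it
 * does not stop the script, so the caller has to check for null itself.
 *
 * @param mixed $data Value taken from the request.
 * @return mixed The unchanged $data when nothing was matched, null otherwise.
 */
function preventInj($data)
{
    // Request parameters can arrive as arrays (e.g. "id[]=1"); the substring
    // checks below only make sense on scalar values, so reject anything else
    // instead of failing inside strpos(). null is passed through untouched,
    // as it was before.
    $rejected = !is_scalar($data) && $data !== null;

    if (!$rejected) {
        $haystack = strtolower((string) $data);
        foreach (["'", '"', 'select', 'delete', 'update', 'union'] as $needle) {
            if (strpos($haystack, $needle) !== false) {
                $rejected = true;
                break;
            }
        }
    }

    if ($rejected) {
        echo json_encode(['status' => 'error', 'msg' => "Invalid data"]);
        return null;
    }

    return $data;
}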
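// Look up one row of the admin table by the "id" request parameter and print
// its second column.

if (!isset($_REQUEST['id'])) {
    echo 'No ID parameter! ';
    exit;
}

$id = preventInj($_REQUEST['id']);
if ($id === null) {
    // preventInj() has already printed its JSON error; stop here instead of
    // running the query with an empty value.
    exit;
}

// The value is bound as a parameter rather than spliced into the SQL text, so
// it is always treated as data regardless of what preventInj() let through.
$sql_query = "SELECT * FROM admin WHERE id = ?";
$stmt = mysqli_prepare($con, $sql_query);
if ($stmt === false) {
    error_log('Preparing the admin lookup failed: ' . mysqli_error($con));
    echo 'Error: query failed.';
    exit;
}

$id_param = (string) $id;
mysqli_stmt_bind_param($stmt, 's', $id_param);
mysqli_stmt_execute($stmt);

// mysqli_stmt_get_result() requires the mysqlnd driver.
$result_set = mysqli_stmt_get_result($stmt);

if ($result_set !== false && mysqli_num_rows($result_set) > 0) {
    while ($row = mysqli_fetch_row($result_set)) {
        // Database content is not trusted as HTML: escape it before output.
        // NOTE(review): "SELECT *" with a numeric index depends on the column
        // order of the table; naming the column would be more robust.
        echo htmlspecialchars((string) $row[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';
    }
} else {
    echo 'No ID parameter! ';
}

mysqli_stmt_close($stmt);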