
sql

a guest
Dec 27th, 2018
  1. <?php
  // Database connection settings, hard-coded in this script.
  // NOTE(review): this connects as the MySQL "root" account with an empty
  // password. A dedicated account limited to the tables this page reads, with
  // credentials supplied from outside the source file, would reduce what a
  // query flaw in this script can reach.
  $host = "localhost";
  $user = "root";
  $password = "";
  $database = "test";

  // Open the connection first, then start the session (same order as before).
  $con = mysqli_connect($host, $user, $password, $database);
  session_start();

  // mysqli_connect() returns false when the connection could not be opened.
  // NOTE(review): on PHP 8.1+ mysqli throws by default instead of returning
  // false, so this branch may never run there - confirm the configured
  // mysqli_report() mode.
  if ($con === false) {
      echo "Error: Unable to connect to MySQL.", PHP_EOL,
          "Debugging errno: ", mysqli_connect_errno(), PHP_EOL;
      exit();
  }
  13.  
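  /**
   * Denylist filter for a request value: rejects input containing a single or
   * double quote, or the words select/delete/update/union (case-insensitive).
   *
   * This filter is NOT a sufficient defence against SQL injection. It is
   * incomplete by construction, and it also rejects legitimate values that
   * merely contain one of the words. Any value that reaches a SQL statement
   * should be bound as a parameter of a prepared statement; treat this
   * function as a secondary input check at most.
   *
   * @param mixed $data Raw request value. Scalars and null are scanned as
   *                    strings; arrays and objects (e.g. from ?id[]=1) are
   *                    rejected because they cannot be scanned.
   * @return mixed The unchanged $data when it passes. On rejection, null is
   *               returned after a JSON error object is echoed; callers must
   *               check for null and stop processing.
   */
  function preventInj($data){
      // Same JSON error object the function has always printed on rejection.
      $rejection = json_encode(['status' => 'error', 'msg' => "Invalid data"]);

      // strpos() on an array raises a TypeError on PHP 8, so reject
      // non-scalar input explicitly instead of crashing.
      if ($data !== null && !is_scalar($data)) {
          echo $rejection;
          return null;
      }

      $haystack = (string) $data;
      $denied = ["'", '"', 'select', 'delete', 'update', 'union'];
      foreach ($denied as $needle) {
          // stripos() gives the same case-insensitive match as the previous
          // strtolower() + strpos() pair for these ASCII needles.
          if (stripos($haystack, $needle) !== false) {
              echo $rejection;
              return null;
          }
      }

      return $data;
  }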
  33.  
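  // Look up one row of `admin` by the request-supplied id and print its
  // second column.
  //
  // The id is bound as a parameter of a prepared statement rather than being
  // interpolated into the SQL text, so the query no longer depends on
  // preventInj()'s denylist for safety. preventInj() is kept only as an
  // additional input check.
  $rawId = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;

  // Only a plain string is accepted; a missing or array-valued "id" is
  // treated as absent.
  if (!is_string($rawId)) {
      echo 'No ID parameter! ';
      exit;
  }

  $id = preventInj($rawId);
  if ($id === null) {
      // preventInj() has already printed its JSON error. Stop here so no
      // query runs and no further output is appended to that response.
      exit;
  }

  $stmt = mysqli_prepare($con, 'SELECT * FROM admin WHERE id = ?');
  if ($stmt === false) {
      // Do not echo driver error details to the client.
      echo 'Query failed';
      exit;
  }

  mysqli_stmt_bind_param($stmt, 's', $id);
  mysqli_stmt_execute($stmt);
  // mysqli_stmt_get_result() needs the mysqlnd driver.
  $result_set = mysqli_stmt_get_result($stmt);

  if ($result_set !== false && mysqli_num_rows($result_set) > 0) {
      while ($row = mysqli_fetch_row($result_set)) {
          // Column index 1 is the only field printed. It is HTML-escaped
          // because stored values are written straight into the page.
          // NOTE(review): selecting only the needed column instead of *
          // would avoid fetching the rest of the admin row - column names
          // are not visible here.
          echo htmlspecialchars((string) $row[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';
      }
  } else {
      echo 'No ID parameter! ';
  }

  mysqli_stmt_close($stmt);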