<!-- SEED Lab: SQL Injection Education Web plateformAuthor: Kailiang YingE

1. <!--
2. SEED Lab: SQL Injection Education Web plateform
3. Author: Kailiang Ying
4. Email: kying@syr.edu
5. -->
6.  
7. <!DOCTYPE html>
8. <html>
9. <body>
10.  
11.  
12. <?php
13. session_start();
14. $input_email = $_GET['Email'];
15. $input_nickname = $_GET['NickName'];
16. $input_address= $_GET['Address'];
17. $input_pwd = $_GET['Password'];
18. $input_phonenumber = $_GET['PhoneNumber'];
19. $input_id = $_SESSION['id'];
20. $conn = getDB();
21.  
22. // Don't do this, this is not safe against SQL injection attack
23.  
24. $stmt = $conn->prepare("UPDATE credential SET nickname = ?, email = ?, address = ?, PhoneNumber = ? WHERE ID = ?");
25.  
26. if($input_pwd!=''){
27. $input_pwd = sha1($input_pwd);
28. $stmt = $conn->prepare("UPDATE credential SET nickname = ?, email = ?, address = ?, Password = ?PhoneNumber = ? WHERE ID = ?");
29. $stmt->bind_param("sssssi", $input_nickname, $input_email, $input_address, $input_pwd, $input_PhoneNumber, $input_id);
30. }else{
31. $stmt->bind_param("ssssi", $input_nickname, $input_email, $input_address, $input_PhoneNumber, $input_id);
32. $stmt = $conn->prepare("UPDATE credential SET nickname = ?, email = ?, address = ?, PhoneNumber = ? WHERE ID = ?");
33. }
34.  
35. $stmt->execute();
36.  
37.  
38. //$stmt->bind_result($bind_id, $bind_name, $bind_eid, $bind_salary, $bind_birth, $bind_ssn, $bind_phoneNumber, $bind_address, $bind_email, $bind_nickname, $bind_Password);
39.  
40. // $stmt->fetch();
41.  
42. $conn->close();
43.  
44. header("Location: unsafe_credential.php");
45.  
46. exit();
47.  
48. function getDB() {
49. $dbhost="localhost";
50. $dbuser="root";
51. $dbpass="seedubuntu";
52. $dbname="Users";
53.  
54.  
55. // Create a DB connection
56. $conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
57. if ($conn->connect_error) {
58. die("Connection failed: " . $conn->connect_error . "\n");
59. }
60. return $conn;
61. }
62.  
63. ?>
64.  
65. </body>
66. </html>