SQL injection в PHP реальный пример
SQL injection в PHP реальный пример
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
$title=$_POST['title']; $genre=$_POST['genre']; $actor=$_POST['actor']; mysqli_query($connect,"INSERT INTO movies(title,genre,actor) VALUES('$title','$genre','$actor')"); if(mysqli_affected_rows($connect) > 0){ echo "<p>Movie Added</p>"; echo "<a href='searchdisplay.php'>Search for movies!</a>"; } else { echo "Movie NOT Added<br />"; echo mysqli_error ($connect); } |
%0A%09%09%09%09VALUES(%26%2339%3B%24title%26%2339%3B%2C%26%2339%3B%24genre%26%2339%3B%2C%26%2339%3B%24actor%26%2339%3B)%26%2334%3B)%3B%0A%09%09%09%09%09%0Aif(mysqli_affected_rows(%24connect)%20%26gt%3B%200)%7B%0A%09echo%20%26%2334%3B%26lt%3Bp%26gt%3BMovie%20Added%26lt%3B%2Fp%26gt%3B%26%2334%3B%3B%0A%09echo%20%26%2334%3B%26lt%3Ba%20href%3D%26%2339%3Bsearchdisplay.php%26%2339%3B%26gt%3BSearch%20for%20movies!%26lt%3B%2Fa%26gt%3B%26%2334%3B%3B%0A%7D%20else%20%7B%0A%09echo%20%26%2334%3BMovie%20NOT%20Added%26lt%3Bbr%20%2F%26gt%3B%26%2334%3B%3B%0A%09echo%20mysqli_error%20(%24connect)%3B%0A%7D%0A){kind=small}
