PHP SQL Injection Example

This PHP SQL Injection example shows how to insert records into a database.

Understand with Example

This tutorial illustrates the 'PHP SQL Injection Example'. To follow the example, we create a table 'stu' with the required field names and data types. The table 'stu' has a primary key 'id'.

Create Table Stu:

CREATE TABLE `stu` (
  `id` int(11) NOT NULL auto_increment,
  `name` varbinary(10) default NULL,
  `class` int(11) default '12',
  PRIMARY KEY (`id`)
)

Insert.php:

Insert.php contains the HTML form that lets users add records to the table 'stu'. When a user clicks the Submit button in the HTML form, the submitted data is inserted into the table 'stu'.

<html>
<body>
<form method="post" action="insert.php"
style="border: 1px solid #000000;
width :230px; margin-top: 
50px;margin-left: 70px;
padding:20px 20px 20px 20px; 
background-color: #F5F5FF;">
<table cellpadding="5">
<tr >
<td>Name</td>
<td>&nbsp;</td>
<td><input type="text" name="name"></td>
</tr>
<tr>
<td>Class</td>
<td>&nbsp;</td>
<td><input type="text" name="class"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>

</form>
<div style="border: 1px solid #000000; 
width :230px; margin-top: 
50px;margin-left: 70px;
padding:20px 20px 20px 20px ; 
background-color: #F5F5FF;">
<?php
$host = "localhost";
$user = "root";
$password = "root";
$database = "komal";
$connection = mysql_connect($host,$user,$password) 
or die("Could not connect: ".mysql_error());
$connection1 = mysql_connect($host,$user,$password) 
or die("Could not connect: ".mysql_error());
mysql_select_db($database,$connection) 
or die("Error in selecting the database:".mysql_error());

if (isset($_POST['name'])) {
$name=$_POST["name"];
$class=$_POST["class"];
$sql="insert into stu(name,class) 
values('".$name."',".$class.")";
mysql_query($sql,$connection) 
or exit("Sql Error".mysql_error());
mysql_close($connection);
}

$sql="Select * from stu";
$sql_result=mysql_query($sql,$connection1) 
or exit("Sql Error".mysql_error());
$sql_num=mysql_num_rows($sql_result);
echo "<table width=\"100%\">";
echo "<tr>";
echo "<td ><b>Id</b></td><td><b>Name</b></td> 
<td><b>Class</b></td>";
echo "</tr>";
while($sql_row=mysql_fetch_array($sql_result))
{
$id=$sql_row["id"];
$name=$sql_row["name"];
$class=$sql_row["class"];
echo "<tr><td>".$id."</td>";
echo "<td>".$name."</td>";
echo "<td>".$class."</td></tr>";
} 
echo "</table>";
mysql_close($connection1);
?>
</div>
</body>
</html>

Output

Name  
Class  
   
Id Name Class
1 Ajay 12
2 Bhanu 12
3 Komal 12
4 Rakesh 12
5 Santosh 12
6 Tanuj 12
7 kk 12
8 ss 12
9 ss 12
10 komal 11
11 girish 12
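
The Insert.php listing above builds its INSERT statement by concatenating $_POST['name'] and $_POST['class'] into the SQL text, and $class is placed without quotes, so whatever is submitted in that field is parsed as SQL. The following is an added example, not code from the original page: the same insert written with mysqli prepared statements and input validation (the mysql_* functions used in the listing were removed in PHP 7.0). The function name insert_student and the class range 1 to 12 are assumptions made for illustration; the connection values are the page's sample values.

```php
<?php
// Added example: hardened insert for the `stu` table (not the original page's code).
// Make mysqli throw exceptions instead of echoing database errors to the browser.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// insert_student() is a hypothetical helper name.
function insert_student(mysqli $db, $rawName, $rawClass)
{
    // Reject non-string input such as name[]=... arrays.
    if (!is_string($rawName) || !is_string($rawClass)) {
        return false;
    }
    // `name` is varbinary(10): refuse empty values and anything over 10 bytes.
    $name = trim($rawName);
    if ($name === '' || strlen($name) > 10) {
        return false;
    }
    // `class` is int(11): accept only an integer; the 1..12 range is an assumption.
    $class = filter_var($rawClass, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => 12)));
    if ($class === false) {
        return false;
    }
    // Placeholders keep the values out of the SQL text, so they are never
    // parsed as SQL, whatever characters they contain.
    $stmt = $db->prepare('INSERT INTO stu (name, class) VALUES (?, ?)');
    $stmt->bind_param('si', $name, $class);   // s = string, i = integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

if (isset($_POST['name'], $_POST['class'])) {
    try {
        // Sample credentials from the page; a real deployment would use a
        // least-privilege account rather than root.
        $db = new mysqli('localhost', 'root', 'root', 'komal');
        $db->set_charset('utf8mb4');
        echo insert_student($db, $_POST['name'], $_POST['class'])
            ? 'Record added.'
            : 'Invalid name or class.';
        $db->close();
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());   // keep details in the server log
        http_response_code(500);
        echo 'Database error.';
    }
}
```

When the rows are listed back in the HTML table, pass each value through htmlspecialchars() before echoing it, since the stored names are user input.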