PHP SQL Injection Example
PHP SQL Injection Example is used to show you how to insert the records to database.
Understand with Example
The Tutorial helps you to illustrate an example from 'PHP SQL Injection Example'. To understand and grasp the example we create a table 'Stu' that has required fieldnames and datatypes respectively. The Table 'stu' has a Primary Key 'id'.
Create Table Stu:
CREATE TABLE `stu` ( `id` int(11) NOT NULL auto_increment, `name` varbinary(10) default NULL, `class` int(11) default '12', PRIMARY KEY (`id`) ) |
Insert.php:
The Insert.php include the html form page that allows the users to add the records in table 'stu'. When a user click on submit button in the HTML form, the data records sent to the table 'stu'.
<html> <body "> <form method="post" action="insert.php" style="border: 1px solid #000000; width :230px; margin-top: 50px;margin-left: 70px; padding:20px 20px 20px 20px; background-color: #F5F5FF;"> <table cellpadding="5"> <tr > <td>Name</td> <td> </td> <td><input type="text" name="name"></td> </tr> <tr> <td>Class</td> <td> </td> <td><input type="text" name="class"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="submit" value="Submit"></td> </tr> </table> </form> <div style="border: 1px solid #000000; width :230px; margin-top: 50px;margin-left: 70px; padding:20px 20px 20px 20px ; background-color: #F5F5FF;"> <?php $host = "localhost"; $user = "root"; $password = "root"; $database = "komal"; $connection = mysql_connect($host,$user,$password) or die("Could not connect: ".mysql_error()); $connection1 = mysql_connect($host,$user,$password) or die("Could not connect: ".mysql_error()); mysql_select_db($database,$connection) or die("Error in selecting the database:".mysql_error()); if (isset($_POST['name'])) { $name=$_POST["name"]; $class=$_POST["class"]; $sql="insert into stu(name,class) values('".$name."',".$class.")"; mysql_query($sql,$connection) or exit("Sql Error".mysql_error()); mysql_close($connection); } $sql="Select * from stu"; $sql_result=mysql_query($sql,$connection1) or exit("Sql Error".mysql_error()); $sql_num=mysql_num_rows($sql_result); echo "<table width=\"100%\">"; echo "<tr>"; echo "<td ><b>Id</b></td><td><b>Name</b></td> <td><b>Class</b></td>"; echo "</tr>"; while($sql_row=mysql_fetch_array($sql_result)) { $id=$sql_row["id"]; $name=$sql_row["name"]; $class=$sql_row["class"]; echo "<tr><td>".$id."</td>"; echo "<td>".$name."</td>"; echo "<td>".$class."</td></tr>"; } echo "</table>"; mysql_close($connection1); ?> </div> </body> </html>
Ourtput
|