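<!DOCTYPE html>
<html>
<head>
<title>Hardware Store</title>
<meta charset="utf-8">
</head>
<body>
<h1>Katie's Hardware</h1>
<form action="" method="GET">
<input type="text" name="search">
<input type="submit" name="submit" value="Search">
</form>
<?php
// Product search page.
//
// Reads the untrusted `search` query parameter, looks up matching rows in
// `products`, and renders them as an HTML table. The search term reaches the
// database only as a bound parameter (never interpolated into the SQL text),
// and every database value echoed back into the page is HTML-escaped for the
// body context. Driver error details are logged server-side rather than shown
// to the visitor.
if (isset($_GET['search']) && is_string($_GET['search'])) {
    $host = "localhost";
    $db = "hardware_store";
    $user = "root";
    // NOTE(review): a hard-coded root password in a web-served file is a
    // secret-in-source finding; move it to configuration outside the web root
    // and use a least-privilege DB account.
    $pwd = "ch@ng3dt00r";

    $link = new mysqli($host, $user, $pwd, $db);
    if ($link->connect_error) {
        // Keep the driver message out of the response; it can reveal host,
        // account and schema details.
        error_log("Connection failed: " . $link->connect_error);
        die("Connection failed");
    }

    $item = $_GET['search'];

    // Parameterised query: the LIKE pattern is bound as a string, so quotes
    // in the term cannot alter the statement. The LIKE metacharacters `%`
    // and `_` typed by the user are still interpreted by the database (same
    // as the original behaviour); escape them here if literal matching is
    // ever required.
    $stmt = $link->prepare("SELECT * FROM products WHERE name LIKE ?");
    if ($stmt === false) {
        error_log("Prepare failed: " . $link->error);
        die("Search is unavailable");
    }
    $pattern = '%' . $item . '%';
    $stmt->bind_param('s', $pattern);
    if (!$stmt->execute()) {
        error_log("Query failed: " . $stmt->error);
        die("Search is unavailable");
    }
    $results = $stmt->get_result();
    if ($results === false) {
        error_log("Fetching results failed: " . $stmt->error);
        die("Search is unavailable");
    }

    // HTML-body escaping for every value that originated in the database;
    // stored data is treated as untrusted on output.
    $esc = static function ($value): string {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    if ($results->num_rows === 0) {
        echo "<p>No results found</p>";
    } else {
        // Header is emitted once, rows are emitted per result (the original
        // repeated the header for every row and printed no row data).
        echo '<table class="table table-striped table-bordered table-hover">';
        echo "<tr><th>Name</th><th>Description</th><th>Cost</th><th>Availability</th></tr>";
        while ($row = $results->fetch_assoc()) {
            echo "<tr><td>";
            echo $esc($row['name'] ?? '');
            echo "</td><td>";
            echo $esc($row['description'] ?? '');
            echo "</td><td>";
            echo $esc($row['price'] ?? '');
            echo "</td><td>";
            echo $esc($row['availability'] ?? '');
            echo "</td></tr>";
        }
        echo "</table>";
    }

    $results->free();
    $stmt->close();
    $link->close();
}
?>
</body>
</html>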