PHP code
<?php
include "sql_and_php_debug.php";
mysql_connect("localhost", "level33", "Le/Sn6p3q+HrE12y5U8nLg==");
mysql_select_db("level33");
?>
<h1>Shop List</h1>
Try to dump the database through an SQL-injection<br/>(' is banned, " is banned, -- is banned, # is banned, /* is banned)
<?php
if (!isset($_GET['product_id'])) {
?>
<h2>Our products:</h2>
<?php
$res = debug_mysql_query("SELECT id, label FROM products");
while ($row = mysql_fetch_assoc($res)) {
echo "$row[id] — <a href='?product_id=$row[id]'>$row[label]</a><p/>";
}
} else {
?>
<h2>Product description</h2>
<a href='?'>« back</a><p/>
<?php
if (preg_match('/\'|"|--|#|\/\*/s', $_GET['product_id'])) {
echo "Hacking attempt! Denied.";
} else {
$res = debug_mysql_query("SELECT * FROM products WHERE id = " . $_GET['product_id']);
$row = mysql_fetch_assoc($res);
echo "<h3>$row[label]</h3><p/>$row[description]";
}
}