ID | Name | Author | ";
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
echo "". $row['BookID'] ." | " . $row['Name']." | " . $row['Author']. " |
\n";
}
echo "";
}
// Open the connection every query below runs through.
// NOTE(review): the credentials are literals in the page source; a deployed copy would
// read them from a config file kept outside the web root (or the environment) so that a
// source disclosure does not also disclose the database password.
$db = mysql_connect('localhost', 'media', 'pass');
if ($db === false) {
    // NOTE(review): mysql_error() text is sent straight to the client here, which exposes
    // driver/host details; log it server-side and show a generic message instead.
    die('Could not connect: ' . mysql_error());
}
if (!mysql_select_db("media")) {
    die("Unable to select database");
}
?>
SQL Injection
0)
{
$q = typecast($_POST['q'], 'string');
echo "Result for Author = [$q]\n";
$result = mysql_query("SELECT * FROM books WHERE Author = '$q'");
print_db($result);
}
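// Look up a single book by id when the form posted a non-empty "i" field.
// is_string() guards strlen(): a posted array (i[]=...) would otherwise hit strlen()
// with a non-string, which is a TypeError on PHP 8.
if (isset($_POST['i']) && is_string($_POST['i']) && strlen($_POST['i']) > 0)
{
    // typecast() is defined elsewhere in this file and its return type is not visible here.
    // The explicit (int) cast guarantees that the value interpolated into the SQL below is a
    // bare integer regardless of what typecast() returns (defence in depth: the query must
    // never depend on another helper's contract for its safety). For a genuine integer the
    // cast is a no-op, so the printed value and the query are unchanged for valid input.
    $i = (int) typecast($_POST['i'], 'integer');
    echo "Result for BookID = [$i]\n";
    $result = mysql_query("SELECT * FROM books WHERE BookID = $i");
    // mysql_query() returns false on failure; print_db() expects a result set and would
    // otherwise call mysql_fetch_array(false). The driver error text goes to the server
    // log only — the client gets a generic message so no schema/driver details leak.
    if ($result === false) {
        error_log('books lookup by BookID failed: ' . mysql_error());
        echo "Query failed\n";
    } else {
        print_db($result);
    }
}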
?>
All the database