SQL Injection DROP TABLE not working

I need to demonstrate SQL Inject using PHP/MySQL. I want to inject a DROP TABLE query in a login form but it never works. (TRUNCATE table works fine OTOH). After I input '; drop table users; # as field input; query turns out to be

SELECT * FROM `users` WHERE `email` = ''; DROP TABLE users; #' AND `password` LIKE '3232';

But it never works using mysql_query() function. When I copy/paste this query in PHPmyAdmin directly, it works perfectly and table gets dropped. What can be the issue?

Solution

This is not possible in php/MySQL as php does not support stacked queries. The moment you inject semicolon (;) it will fail.

You can do many other much more creative exploits using sql injection in a php-mysql application though.

Enumerate all databases
Table Names and Column Names
Values stored in tables
Upload a php backdoor

Check Out for SQL-Map as well.

Will modifying the primary key type using ALTER in MySQL reset the auto-increment value to 0?
Auto-increment is not resetting in MySQL
Php update database if checkbox is not checked
Retrieve 10 records from MySQL?
how to use str_to_date (MySQL) to parse two-digit year correctly
sum column value(s) if previous values has same value with current value from the same table in mysql
JDBC connection without database definition
Checking connection to MySQL (Java)
WARN: Establishing SSL connection without server's identity verification is not recommended
how to solve django.db.utils.NotSupportedError in django
How to make an Inner Join in django?
Can I order by a conditional combination of fields in MySQL?
Select from 2 tables in the last 30 days, return 0 if null/not exist
Can't connect to local MySQL server through socket '/var/mysql/mysql.sock' (38)
Access denied for user 'root@localhost' (using password:NO)
Watching a table for change in MySQL?
table is specified twice both as a target for INSERT and as separate source of data
Python Mysql, "commands out of sync; you can't run this command now"
Does Laravel's "soft_delete" need index on MySQL?
How do I access a field from the main query inside a sub query in mySQL?
Not getting unpaid or partially paid records some can help me?
Warning: The post-install step did not complete successfully when trying to install mysql using brew in Mac OS High Sierra
MySQL Entity Attribute Value table structure proposal
CodeIgniter SELECT query on table with JOIN and WHERE IN a subquery
is there a MYSQL tables schema for storing raw material, intermediate and final products?
MySQL: Total GROUP BY WITH ROLLUP curiosity
Problem with pip install mariadb - mariadb_config not found
nodejs mysql memory leak on large volume of high frequency queries
`MODIFY COLUMN` vs `CHANGE COLUMN`
Displaying BLOB image from Mysql database into dynamic div in html