Currently I a learning about SQL injection, I attempted
test ="'); DROP TABLE users; '";
It drings up the error message
mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\Program Files (x86)\EasyPHP-DevServer-14.1VC9\data\localweb\my portable files\sqlinjection\login.php on line 18
Login code
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$errors = array();
if ($username&&$password)
{
$connect = mysql_connect("localhost","root","") or die ("Could not connect");
mysql_select_db ("login") or die ("Could not find database");
$query = mysql_query("SELECT * FROM users WHERE username ='$username'");
$numrows = mysql_num_rows($query);
if ($numrows !=0)
{
while ($row =mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername&&$password==$dbpassword)
{
echo header( 'Location: member.php' ) ;
$_SESSION['username']=$dbusername;
}
else
echo "Incorrect password";
}
else
die("That user dosen't exist");
}
else
die("Please enter a username and a password");
?>
Where am I going wrong or is this the expect result? I looked on my database and the table is there so I had guessed it was wrong. UPDATED to show login code.
if you query is:
"SELECT * FROM users WHERE username ='$username'"
then your username variable should be:
$username = "foo'; DROP TABLE users;";
In this case your final query become:
"SELECT * FROM users WHERE username ='foo'; DROP TABLE users;"
To prevent this injection you should use parameters or at least use a server function that remove all special chars from your variable before including it to your query (see: How can I prevent SQL-injection in PHP?)