
SQL Injection using PHP multi_query to DROP TABLE


I am trying to drop a table within a database using SQL injection through PHP.

The PHP code submits a form to the database with the following command and multi_query($sql):

$sql = "INSERT INTO Student (StdNumber, FName, LName, DOB, PhoneNumber) 
VALUES ('$input1', '$input2', '$input3', '$input4', '$input5')";

So I thought, I can SQL Inject input5. So I use:

');"; $sql .= "DROP TABLE IF EXISTS Student;";-- -

This closes the previous SQL statement, then I start another statement with 'sql .=' and then I comment off the rest of it with -- -

However, the table isn't dropping. I am not seeing my injection command within input5 (PhoneNumber) in the database, so it is successfully closing the previous statement, I would believe.

So I am not sure what is wrong. Am I using multi_query incorrectly, or is my injection incorrect?

Thank you

Edit 1: Additionally, when I submit the form it accepts it and makes another entry into the database.


Solution

  • You are trying to manipulate the SQL that is generated by the PHP, not the PHP itself.

    So you should not add PHP to your 5th input:

    ');"; $sql .= "DROP TABLE IF EXISTS Student;";-- -
    

    should be something like:

    1234567890'); DROP TABLE IF EXISTS Student; -- the rest here will be comments in sql
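
For comparison, the same insert written with a prepared statement, as an added example that is not part of the original question or answer. The helper name `insertStudent`, the connection values and the sample row are assumptions, and the `PhoneNumber` column is assumed wide enough to hold the test string.

```php
<?php
// Added example, not code from the original post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/**
 * Hypothetical helper: inserts one Student row using bound parameters.
 * prepare() accepts exactly one statement, so input cannot append a second
 * one, and bound values are sent as data and never parsed as SQL.
 */
function insertStudent(mysqli $db, array $in): int
{
    $stmt = $db->prepare(
        'INSERT INTO Student (StdNumber, FName, LName, DOB, PhoneNumber)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssss', $in[0], $in[1], $in[2], $in[3], $in[4]);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Placeholder connection values (assumptions, replace with your own).
$db = new mysqli('localhost', 'app_user', 'app_password', 'school');
$db->set_charset('utf8mb4');

// Constructed sample row; the fifth value is the string from the answer above.
$input = ['1001', 'Ada', 'Lovelace', '1815-12-10',
          "1234567890'); DROP TABLE IF EXISTS Student; -- "];

echo insertStudent($db, $input), " row inserted\n";

// Read the row back: the table still exists and the string was stored
// verbatim in PhoneNumber instead of being executed.
$check = $db->prepare('SELECT PhoneNumber FROM Student WHERE StdNumber = ?');
$check->bind_param('s', $input[0]);
$check->execute();
$check->bind_result($phone);
$check->fetch();
var_dump($phone === $input[4]);
$check->close();
```

With this form there is no need for `multi_query()` at all, and validating the phone number format server-side before the insert would reject the sample string outright.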