
XHR multiple requests


I have edited my old question.

I have written this code.

    <!DOCTYPE html>
    <html>
    <center><h1>csrf testing</h1>
    <form action="">
    <input type="submit" onclick="" value="go">
    </form>

    <script>
    // Form fields for the second request; csrf_token is left empty
    var params = "email=nlkm&username=asc&csrf_token=&go=go";

    var xhr = new XMLHttpRequest();

    xhr.onreadystatechange = function () {
        if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
            // Second request: POST the form once the GET has completed
            var xhr2 = new XMLHttpRequest();
            xhr2.open("POST", "useredit.php", false);
            xhr2.setRequestHeader("Content-Type", "x-www-form-urlencoded");
            xhr2.send(params);
        }
    };
    // First request: GET the user edit page
    xhr.open("GET", "useredit.php", false);
    xhr.send();
    </script>
    </center>
    </html>

Now, the problem is that when my second request fires, the response is the same as the response to the first request. Confused? Okay, **I have a form which submits some parameters and also a CSRF token.**

**Now, in that code, there are two requests.** The 1st one is a GET request to the user edit page, and the 2nd one is a POST request which submits the form that is on the user edit page; the response of the form will appear on the same page.

Now, when I submit the form through this code without providing the CSRF token, the response was the same as the response to the 1st request. It should respond that the token is invalid, but it didn't.

Then what is the problem here? Hope you understand it now.


Solution

  • Put quotes in the query string.

    $sql2 = "SELECT * FROM userinfo WHERE email ='".$_GET['userid']."'";
    

    So if $_GET['userid'] == "[email protected]", the value of $sql2 will be:

    "SELECT * FROM userinfo WHERE email ='[email protected]'"
    

    with quotes around the input value.

    In your version the value would be:

    "SELECT * FROM userinfo WHERE email [email protected]"
    

    which is invalid SQL.
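
The quoted query above still places `$_GET['userid']` directly into the SQL text, so any quote character in the value is parsed as SQL. The following is an added example, not part of the answer: it runs the concatenated form beside a prepared statement, assuming PDO with the SQLite driver, with constructed rows and sample values and hypothetical function names.

```php
<?php
// Added example, not the answerer's code. Assumes PDO with the SQLite driver;
// the table rows and sample values below are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE userinfo (email TEXT, name TEXT)");
$pdo->exec("INSERT INTO userinfo VALUES ('alice@example.com', 'Alice')");
$pdo->exec("INSERT INTO userinfo VALUES ('o''neil@example.com', 'Sean')");

// Concatenation, as in the quoted query: the value becomes part of the SQL text.
function lookupConcatenated(PDO $pdo, string $userid): array
{
    $sql2 = "SELECT * FROM userinfo WHERE email ='" . $userid . "'";
    return $pdo->query($sql2)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the value is bound as data and is never parsed as SQL.
function lookupPrepared(PDO $pdo, string $userid): array
{
    $stmt = $pdo->prepare("SELECT * FROM userinfo WHERE email = :email");
    $stmt->execute([':email' => $userid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$samples = [
    'alice@example.com',    // ordinary value
    "o'neil@example.com",   // legitimate address containing an apostrophe
    "nobody' OR 'a'='a",    // value whose quote alters the WHERE clause when concatenated
];

foreach ($samples as $userid) {
    try {
        $concat = count(lookupConcatenated($pdo, $userid)) . ' row(s)';
    } catch (PDOException $e) {
        $concat = 'SQL error';
    }
    $prepared = count(lookupPrepared($pdo, $userid)) . ' row(s)';
    printf("%-22s concatenated: %-10s prepared: %s\n", $userid, $concat, $prepared);
}
```

Only the first sample behaves the same in both forms; the prepared statement treats all three as plain email values to compare against the column.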