PHPprogramming~15 mins

How SQL injection exploits unsafe queries in PHP - Try It Yourself

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

How SQL injection exploits unsafe queries

📖 Scenario: You are building a simple PHP script that queries a database for user information based on a username input. This project will show how unsafe SQL queries can be exploited by SQL injection.

🎯 Goal: Create a PHP script that demonstrates an unsafe SQL query vulnerable to SQL injection, then show how an attacker can exploit it by entering a malicious username.

📋 What You'll Learn

Create a variable $username with a sample user input string

Create a variable $query that builds an SQL query string using $username directly

Simulate an attacker input that exploits the unsafe query

Print the final SQL query string to show the injection effect

💡 Why This Matters

🌍 Real World

Web applications often take user input to query databases. If this input is not handled safely, attackers can exploit it to steal or damage data.

💼 Career

Understanding SQL injection is critical for developers and security professionals to build safe applications and protect user data.

Progress0 / 4 steps

DATA SETUP: Create a user input variable

Create a variable called $username and set it to the string 'alice' to simulate a normal user input.

PHP

# Your code here

Need a hint?

Use $username = 'alice'; to store the username.

CONFIGURATION: Build an unsafe SQL query string

Create a variable called $query that builds an SQL query string by directly inserting the $username variable inside the query without any safety measures. Use double quotes and write: SELECT * FROM users WHERE username = '$username'.

PHP

<?php
$username = 'alice';
# Your code here

Need a hint?

Use double quotes and insert $username inside single quotes in the query string.

CORE LOGIC: Simulate an attacker input exploiting SQL injection

Change the $username variable to the string 'alice' OR '1'='1' to simulate an attacker input that exploits the unsafe query.

PHP

<?php
$username = 'alice';
$query = "SELECT * FROM users WHERE username = '$username'";
# Your code here

Need a hint?

Set $username to "alice' OR '1'='1" including the quotes inside the string.

OUTPUT: Print the final SQL query string

Write a print statement to display the value of the $query variable.

PHP

<?php
$username = "alice' OR '1'='1";
$query = "SELECT * FROM users WHERE username = '$username'";
# Your code here

Need a hint?

Use print($query); to show the final query string.