Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP Integrating PHP with Databases Using Relational Tables Understanding SQL Injections

Posted by jlampstack
jlampstack
23,932 Points

SQL Injection Not Working?

For the fun of better understanding how SQL injections work, I decided to try an SQL injection of my own but it won't work.

I copied Alena's SQL injection exactly as is, but nothing happens? WHY? 

details.php?id=2;DROP TABLE Media

I am using phpMyAdmin database via XAMPP and my project is being served on localhost. Not sure if this makes a difference?

1 Answer

Adriana Dodge
Adriana Dodge
4,680 Points
Adriana Dodge
Adriana Dodge
4,680 Points

mistake when she adds media_id to the single_item_array function. the function should have Media.media_id on the select.

function single_item_array($id){
    include("connection.php");
    try{
    $results = $db->query("SELECT Media.media_id, title, category, img, format, year, 
          publisher, isbn, genre
          FROM Media
          JOIN Genres ON Media.genre_id=Genres.genre_id
          LEFT OUTER JOIN Books 
          ON Media.media_id = Books.media_id
          WHERE Media.media_id = $id");
   // echo"retreived Results";
    }catch(Exception $e){
        echo "Unable to retrieve results";
        exhit;
    }

    $catalog = $results->fetch();
    return $catalog;
}