Hi I want to show sql injection vulnerability through form input using PHP and MYSQL. Any suggestion how to go about.
Thanks
mysql_query("INSERT INTO `table` (`column`) VALUES ('$inject_variable')");
If you have query like this you can insert something like value'); DROP TABLE table;-- to the $inject_variable to test the injection.
Hence, your SQL query will became this:
INSERT INTO `table` (`column`) VALUES('value'); DROP TABLE table;--')
This will allow other users to drop the table.
You can use Kali Linux to hack into the php website. Here is a tutorial on how to do that.