Order by SQL statement not working correctly

<p>TO BE CLEAR I AM DELIBERATELY TRYING TO INJECT INTO MY OWN SITE.</p>
<p>I am trying to inject into one of my sites by using the order by statement to try and work out how many columns are in my table; however, I do not get any errors when I go greater than the number of columns I have.</p>
<p>My code is a very simple form, which calls a PHP file and then runs an SQL query.</p>
<p>Here's the PHP code:</p>
<pre><code>&lt;?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="root"; // Mysql password
$db_name="Hack"; // Database name

mysql_connect("$host", "$username", "$password");//or die("cannot connect");
mysql_select_db("$db_name");//or die("cannot select DB");

// Request parameter, echoed and concatenated into the query unmodified
$id = $_GET['id'];
echo $id . "&lt;br /&gt;";
$qstr = "SELECT * from users WHERE username = '$id'";
echo "&lt;br /&gt;$qstr&lt;br /&gt;";

$query = mysql_query($qstr);
$num = mysql_numrows($query);
$count = 0;

// Print every matching row
while ($count&lt;$num){
    $id = mysql_result($query,$count,"id");
    $username = mysql_result($query,$count,"username");
    echo 'ID: ' . $id . '&lt;br&gt; Username: ' . $username . "&lt;br/&gt;";
    $count++;
}

// No rows: show the last MySQL error, if any
if($num==0){
    echo "&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;";
    echo mysql_error();
}
?&gt;
</code></pre>
<p>Here's the form:</p>
<pre><code>&lt;html&gt;
&lt;h1&gt; Search &lt;/h1&gt;
&lt;form method="get" action="search.php"&gt;
    &lt;input type="text" name="id"&gt;
    &lt;input type="submit" value="Search user"&gt;
&lt;/form&gt;
&lt;/html&gt;
</code></pre>
<p>Lastly, here's the "order by" statement I am trying in the URL:</p>
<pre><code>http://localhost:8888/search.php?id=admin%20order%20by%204
</code></pre>
<p>Please ignore the "%20"; those are just spaces, but Chrome puts them in.</p>
<p>So my question is: why does my "order by" not work?</p>
<p>EDIT: Here is the SQL statement echoed out:</p>
<pre><code>SELECT * from users WHERE username = 'admin order by 4'
</code></pre>
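Why the echoed statement above produces no error, and the same lookup written with a bound parameter, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database standing in for the post's MySQL setup; the two table rows and the `findUser` helper are constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite stands in for the
// post's MySQL "Hack" database; the two sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users (username) VALUES ('admin'), ('guest')");

$id = 'admin order by 4'; // value of ?id= from the URL in the question

// 1. The post's concatenation. The input sits between the two quotes, so the
//    database receives one string literal and compares it with username:
//    no user has that name, so zero rows come back and nothing fails.
$qstr = "SELECT * from users WHERE username = '$id'";
$rows = $pdo->query($qstr)->fetchAll(PDO::FETCH_ASSOC);
printf("%s\n  rows: %d, no error\n", $qstr, count($rows));

// 2. For contrast, ORDER BY written by the developer as statement text:
//    only here is the ordinal checked against the number of columns.
try {
    $pdo->query('SELECT * FROM users ORDER BY 4');
} catch (PDOException $e) {
    echo "ORDER BY 4 as SQL text: ", $e->getMessage(), "\n";
}

// 3. Hardened lookup (hypothetical helper): the value is bound to a
//    placeholder, so it is always data and never parsed as SQL.
function findUser(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

foreach ([$id, 'admin'] as $input) {
    $found = findUser($pdo, $input);
    printf("bound %s -> %d row(s)\n", var_export($input, true), count($found));
    foreach ($found as $row) {
        // Escape on output as well; the original page echoes values raw.
        echo '  ID: ', (int) $row['id'], ' Username: ',
             htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```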
 
