Question: Figure 5 Explain why the code given in Figure 5 above , is vulnerable to SQL Injection and cross-site scripting attacks. Give an example scenario

Figure 5

$servername = "localhost";

$username = "me";

$password = "!myPa$$";

$dbname = "mydb";

if(isset($_POST["uname"], $_POST["upass"])) {

$conn = new mysqli($servername, $username, $password, $dbname);

if (!$conn->connect_error) {

die("Connection failed: " . $conn->connect_error);

}

$query = "select * from user where uname='$_POST[uname]' AND upass='$_POST[upass]'";

$result = $conn->query($query);

}

?>

Explain why the code given in Figure 5 above, is vulnerable to SQL Injection and cross-site scripting attacks.

Give an example scenario to demonstrate your analysis in the previous question.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

Crusty Do Possibl Liquor Student Competitors Competitors Store Size Seating License Population within 2 Miles within 5 Miles s = small Y = yes Y = yes Number Number Number M = medium N = No N = No L...

Q:

Hello, you already did chapter 1 and 2 of my MASTERS Thesis already for me. (See attached) So normally you know masters thesis consist of 5 chapters right ??..... But in this case my thesis will be 4...

Q:

Draw the following quadrilateral after a translation 3 units to the left and 3 units up. .. . . . i .. .. .. . . .. ... ...a . . . . . . .. . . . . .! . . .. . . . . . . . X 5 -! . " . . .." .... .....

Q:

Ballard Integrated Managed Services, Inc., Part 2 QNT/351 Version 4 1 Ballard Integrated Managed Services, Inc., Part 2 The initial survey effort led by Debbie Horner, HR manager of Ballard...

Q:

Figure 3. GPA study data. You can download the GPAs spreadsheet and use it for the exercises. Step 1: Analyzing the Grades Sue thinks that students are more motivated to do well in their major...

Q:

JUUSULW.ICUSCI Abstract Brooks Hamilton recently completed his third year in college and has just started a summer internship at a prestigious Wall Street investment firm. The investment firm is very...

Q:

The figure below has a point marked with a large dot. First, translate the figure 6 units to the left and 5 units down. Then, give the coordinates of the marked point in the original figure and the...

Q:

Using Savings Matrix Method and distance using Google Maps solve the following Niazi Express Cargo service has been operating since the inception of Daewoo Express in Pakistan. Its Cargo Setups,...

Q:

Using Savings Matrix Method and distance using Google Maps solve the following Niazi Express Cargo service has been operating since the inception of Daewoo Express in Pakistan. Its Cargo Setups,...

Q:

Unit 7 Assignment- Final This assessment addresses the following course objective(s): Apply the accounting vocabulary Record various business transactions in accordance with generally accepted...

Q:

14. Figure 3, shows a graph of y=x+x-6

Q:

If liquidation is imminent for an entity, then a company must use the liquidation basis of accounting. The rules for the liquidation basis of accounting were set forth in AS U 2013- 07 and...

Q:

3 Why did Menendez consider the threat of nearby French and English settlement so dangerous?

Q:

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

Q:

7. Immediately notify employees of changes. Be sure to develop a process for maintaining the handbook and letting employees know when things change. While an online handbook can be easily updated, it...

Q:

8. Keep a few printed copies available. Some employees are not comfortable with technology and may prefer a hard copy of the handbook. Print a few and let employees know that they are available on an...

Q:

1. Put the acknowledgment up front. Set up the handbook so that employees must first read all disclaimers and complete an acknowledgment before gaining access to the handbook contents.