Question: Learning Outcome(s) 1.Build web applications using PHP or similar languages 2. Construct and manipulate web databases You have the following two tables in a MySQL
Learning Outcome(s) 1.Build web applications using PHP or similar languages 2. Construct and manipulate web databases You have the following two tables in a MySQL database called it230 orderstatuses users int (11) varchar(30) PK PK varchar(32) varchar(32) ordernumber user name statuS password You also have the following track.php page that allows a user to enter an order number and then connects to the database to return the status of that order. chtml>
/html> php if(isset( POST["order_number"])) Sconn mysqli_connect("localhost", "root", "", "it230): sq"SELECT status FROM order_statuses WHERE order_number-".$_POST["order_number"]i Sresultmysqli_query (Sconn, $sql); if (mysqli-num-rows($result) > 0) { row mysqli_fetch assoc(Sresult) echo "Your order is: ".$row"status"] else echo "We apologize, your order was not found" mysqli_close(Sconn); Suppose that a user types the following into the order number field in the page -1 union select concat(user name.' - '.password) as status from users 1. What will happen? [0.25 mark] 2. What do we call this type of attack? [0.25 mark] 3. Re-write track.php so, it prevents this attack. [1 mark]
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help