Question: You have the following two tables in a MySQL database called it230 . You also have the following track.php page that allows a user to

You have the following two tables in a MySQL database called it230.

You have the following two tables in a MySQL database called it230.You also have the following track.php page that allows a user to

You also have the following track.php page that allows a user to enter an order number and then connects to the database to return the status of that order.

enter an order number and then connects to the database to return

-1 union select concat(user_name,'-',password) as status from users;

Suppose that a user types the following into the order number field in the page:

What will happen?

What do we call this type of attack?

Re-write track.php so, it prevents this attack.

order statuses PK order number int(11) status varchar(30) order statuses PK order number int(11) status varchar(30)

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

The MZ Mortgage Company is issuing a CMO with three tranches. The A tranche will consist of $40.5 million with a coupon of 8.25 percent. The B tranche will be issued with a coupon of 9.0 percent and...

Q:

Learning Outcome(s) 1.Build web applications using PHP or similar languages 2. Construct and manipulate web databases You have the following two tables in a MySQL database called it230 orderstatuses...

Q:

1.5 Mark Question I wo You have the following two tables in a MySQL database called it230 order statuses user PK int(11) varchar(30) PK varchar(32) varchar(32) user name You also have the following...

Q:

Hello this question is related to Web Technologies Please, don't answer with your handwriting Thank you You have the following two tables in a MySQL database called it230 order statuses userS PK...

Q:

Question Two You have the following two tables in a MySQL database called it230 order statuses userS int (11) varchar(30) PK PK varchar(32) varchar(32) order number user name statuS password You also...

Q:

Consider a university database that is used to keep track of departments and professors. The database has two tables only, one for professors called PROFESSOR and a second one for the de- partments...

Q:

CS 5 3 0 : Developing User Interfaces Assignment 2 Goals This assignment asks you to continue developing your web site for Drexel Bikes , specifically in adding several features to make it a more...

Q:

I really need help before tomorrow or at least by tomorrow night. I have been working on this for days and still can't get it to run properly. I really need assistance. Here is the question that I...

Q:

Database Administration CHAPTER OBJECTIVES I Understand the need for and importance of database I ttno'illI the meaning of ACID transaction administralin - Learn the tour 1992 ANSI standard isolation...

Q:

This policy will be reviewed no later than 5 years of its authorisation date. At this point it will need to be re-authorised by the relevant authority at Xxz Financial Services Version Published...

Q:

Before you do the exercises If you havent already done so, you should create a folder in your personal drive for all the exercises. This set of exercises requires a functioning webserver to interpret...

Q:

An Executive Secretary is in charge of meeting with clients when they arrive A time study of the interactions showed that the administrator spent 2 minutes greeting the clients and 8 minutes...

Q:

In a partnership firm there are two partners - X and Y. They share profit in the ratio of 55% and 45%. X contributed capital of $180,000 and Y contributed $160,000. Partnership Agreement says...

Q:

P 1 0 - 9 Contribution Margin and Break - Even Analysis Grand Canyon Manufacturing Inc. produces and sells a product with a unit price of $ 1 0 0 . The following cost data have been prepared for its...

Q:

This program is for Python 3.5 Create a program that will roll dice for a dice game. For this you will have to use sys. argv to accept a bunch of dice strings formatted as xdy. In this string Y is an...

Q:

What would happen to the stated sizes of Federal budget deficits or surpluses if the current annual additions or subtractions from the Social Security trust fund were excluded?

Q:

Which two of the following financial institutions offer checkable deposits included within the M 1 money supply: mutual fund companies; insurance companies; commercial banks; securities firms; thrift...

Q:

LAST WORD Over the years, the Federal Reserve Banks have printed many billions of dollars more in currency than U.S. households, businesses, and financial institutions now hold. Where is this missing...