Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialMr. Valdemar
Courses Plus Student 13,620 PointsCan i see please the code that you have to paste on the url to see the version?
testing
3 Answers
Sean T. Unwin
28,690 Pointsphpinfo.php
An example is if you're using XAMPP, you would type, http://localhost/xampp/phpinfo.php
in the address bar.
ivomiranda
30,286 Points?id=-2%20union%20select%20sqlite_version(),%20sqlite_version(),%20sqlite_version(),%20sqlite_version(),%20sqlite_version(),%20sqlite_version(),%20sqlite_version(),%20sqlite_version(),%20sqlite_version(),%20sqlite_version(),%20sqlite_version(),%20sqlite_version(),%20sqlite_version()
Stefan Hoffmann
24,811 PointsIn the first part of the modification to avoid Sql Injection id is converted to an integer. Therefor the test at the end is not very impressive, because the intval already takes care of the malicious code. It cannot be executed anymore.
To demonstrate that prepare helps against sql injection the two modifications should be tested one after another and independently of each other.
That would be more convincing. Especially to people that want to save strings to the database. Prepare escapes, thus makes them secure.
ivomiranda
30,286 Pointsivomiranda
30,286 PointsHe is talking about sqlinjection :P