This question already has an answer here:
How to perform SQL Injection
in the context of Insert query
or Select query
? Any help would be appreciated.
</div>
This question already has an answer here:
How to perform SQL Injection
in the context of Insert query
or Select query
? Any help would be appreciated.
</div>
First of all, don't use mysql_, use mysqli_.
Second, that's because you can't put two queries inside the mysql_query()
. Otherwise they would have named it mysql_queries()
Just make two seperate queries. Here's the docs.
Here is a basic example from the manual on its usage:
<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if ($mysqli->connect_errno) {
printf("Connect failed: %s
", $mysqli->connect_error);
exit();
}
/* Create table doesn't return a resultset */
if ($mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City") === TRUE) {
printf("Table myCity successfully created.
");
}
/* Select queries return a resultset */
if ($result = $mysqli->query("SELECT Name FROM City LIMIT 10")) {
printf("Select returned %d rows.
", $result->num_rows);
/* free result set */
$result->close();
}
/* If we have to retrieve large amount of data we use MYSQLI_USE_RESULT */
if ($result = $mysqli->query("SELECT * FROM City", MYSQLI_USE_RESULT)) {
/* Note, that we can't execute any functions which interact with the
server until result set was closed. All calls will return an
'out of sync' error */
if (!$mysqli->query("SET @a:='this will not work'")) {
printf("Error: %s
", $mysqli->error);
}
$result->close();
}
$mysqli->close();