I was checking my webpages for SQL injection. When the main pages didn't respond to it, I created a test script:
<?php
// Test script: the POST value is placed into the query string as-is.
$a = $_POST["a"];
$username = "...";
$password = "...";
$database = "...";
mysql_connect('...', $username, $password);
mysql_select_db($database) or die("Unable to select database");
// Look up one username by id, built by string interpolation.
$ress = mysql_query("SELECT username FROM userinfo WHERE id='$a'");
$row = mysql_fetch_array($ress);
print $row[0];
?>
<form name="form" action="hackMe.php" method="POST">
<input id="a" name="a" size="150">
<input name="Submit" type="submit" value="Submit">
</form>
But when I try this line:
'; UPDATE userinfo SET email = 'steve@unixwiz.net' WHERE email = 'testusr@gmail.com
I just get an error, and no change in the database.
Any ideas why?
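
A parameterized version of the lookup in the test script, run against the same input line; this is an added example, not part of the original post. It assumes PDO with the pdo_sqlite driver, and the in-memory table, its row and the helper names (makeSampleDb, lookupUsername, currentEmail) are constructed for illustration.

```php
<?php
// Added example: hardened form of the lookup in the test script above.
// Assumptions: PDO with the pdo_sqlite driver; the in-memory table and its
// row are constructed sample data standing in for the real userinfo table.

function makeSampleDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE userinfo (id TEXT PRIMARY KEY, username TEXT, email TEXT)");
    $pdo->exec("INSERT INTO userinfo VALUES ('1', 'testusr', 'testusr@gmail.com')");
    return $pdo;
}

// The SQL text is fixed; the form value travels only as a bound parameter,
// so quotes and semicolons inside it are data, never syntax.
function lookupUsername(PDO $pdo, string $id): ?string
{
    $stmt = $pdo->prepare('SELECT username FROM userinfo WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $name = $stmt->fetchColumn();   // false when no row matches
    return $name === false ? null : (string) $name;
}

function currentEmail(PDO $pdo): string
{
    return (string) $pdo->query("SELECT email FROM userinfo WHERE id = '1'")->fetchColumn();
}

$pdo = makeSampleDb();

// The line submitted in the post, passed exactly as typed into the form.
$submitted = "'; UPDATE userinfo SET email = 'steve@unixwiz.net' WHERE email = 'testusr@gmail.com";

foreach (['1', $submitted] as $a) {
    $name = lookupUsername($pdo, $a);
    // Escape on output too: the original script prints the column unescaped.
    $shown = $name === null ? '(no such id)' : htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    printf("input length %3d -> %s\n", strlen($a), $shown);
}

// The bound value matched no id and ran no second statement.
printf("email after both lookups: %s\n", currentEmail($pdo));
```

Against a real MySQL server, the same `prepare`/`execute` calls work through the pdo_mysql driver; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.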