My friend is new to PHP concepts (and so am I), and he developed the code below. I know it is vulnerable, and I told him I could do stuff on his database, like messing with other tables, updating other values, etc.
The vulnerable part of the code is an INPUT that he uses for a common search. This is not a login.
```php
// Raw GET parameter; filter_input() with no filter applies no validation
$email = filter_input(INPUT_GET, 'email');
if ($email != '') {
    // User input is interpolated straight into the SQL text (the injection point)
    $stm = $db->query("SELECT * from clients WHERE email = '$email'");
    $result = $stm->fetchAll();
}
```
The problem is I can't do it, because query() only allows one statement per query. Is there a way to mess with anything important on his database? (This is a challenge for me to prove his mistakes IN PRACTICE.)
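For reference, the corrected form of the search in the question, as an added example that is not code from the original post: the e-mail value is bound to a placeholder in a PDO prepared statement, so it travels separately from the SQL text and cannot change the query's structure. It assumes `$db` is a PDO connection to a `clients` table with an `email` column, as the snippet implies; the DSN and credentials are placeholders.

```php
<?php
// Added example, not from the original post: the same lookup with the
// input bound as a parameter instead of interpolated into the SQL string.

function findClientByEmail(PDO $db, $email): array
{
    // Defence in depth: reject anything that is not syntactically an e-mail.
    // This does NOT replace parameter binding; binding is what stops injection.
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [];
    }

    // The SQL text contains only a placeholder; the value is sent separately,
    // so quotes, comments or extra clauses in $email are treated as data.
    $stm = $db->prepare('SELECT * FROM clients WHERE email = :email');
    $stm->execute([':email' => $email]);

    return $stm->fetchAll(PDO::FETCH_ASSOC);
}

// Connection details are placeholders (assumption), not values from the post.
$db = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepared statements
]);

// Same input source as the original snippet.
$email  = filter_input(INPUT_GET, 'email');
$result = findClientByEmail($db, $email);
```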