Aaron Bloomfield (aaron@virginia.edu)
Last name | First name | Userid | Year |
---|---|---|---|
Smith | Isabella | ias1s | 1 |
Johnson | Jacob | jbj2t | 2 |
Williams | Emma | ecw3u | 3 |
Jones | Ethan | edj4v | 4 |
Brown | Olivia | oeb5w | 1 |
Davis | Michael | mfd6x | 2 |
Miller | Sophia | sgm7y | 3 |
Wilson | William | whw8z | 4 |
show databases;
use <db>;
show tables;
describe <table>;
drop database <db>;
create table <table> [...];
create database <db>;
grant [...];
truncate <table>;
drop table <table>;
var userid = getUseridFromWebForm()
var query = "select * from course where userid='" +
userid + "';"
var result = databaseQuery (query)
doSomethingWithTheResult (result)
stripslashes()
to remove them
Exploits of a Mom
From hackaday.com
Specifies the HTML document version
Beginning of the HTML text
Beginning of the head section (contains document info, but not the document content itself)
The title of the document
End of the head section
Beginning of the body section (contains the actual document text)
The (one line of) document text in paragraph tags
End of the body section
End of the HTML text
<!--
and ends with -->
is a comment
We’ve all seen HTML forms:
<form action="/action_page.php">
First name: <input type="text" name="firstname"><br>
Last name: <input type="text" name="lastname"><br>
<input type="submit" value="Submit">
</form>
action="/action_page.php": specifies the script to receive the form data
method="post": how the data is sent
enctype="multipart/form-data": if you are uploading files or attachments
Lots of different ones (image from OpenTechSchool):
There are also hidden input fields:
<!doctype html>
<html>
<head>
<title>Basic web page</title>
<script>
var balance=1;
</script>
</head>
<body>
<p>Hello Aaron!</p> <!-- name from user input -->
<p>Your account balance is
<!-- newly added code follows -->
<script>
document.write(balance);
</script>
</p>
</body>
</html>
Output: Hello Aaron! Your account balance is 1
\n
), which can also be represented as ‘%0a’
<!doctype html>
<html>
<head>
<title>Basic web page</title>
<script>
var balance=1;
</script>
</head>
<body>
<p>Hello <script>
balance=1000000;
</script>Aaron!</p>
<p>Your account balance is
<script>
document.write(balance);
</script>
</p>
</body>
</html>
Output: Hello Aaron! Your account balance is 1000000
http://www.nowhere.abc/printinfo.php?name=<script>\nbalance=1000000;\n</script>Aaron
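The fix for the page above is to HTML-encode the name parameter before writing it into the document. The following is an added example, not code from the original slides: escapeHtml, renderUnsafe, renderSafe and nameFromUrl are hypothetical helper names, and the sample request is the URL above with the newlines written as %0a.

```javascript
// Added example: output encoding for the reflected "name" parameter.
// All function names here are hypothetical, chosen for illustration.

// The five characters that let text break out of HTML element content
// or out of a quoted attribute value.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Mirrors the vulnerable page: user input is concatenated into the markup.
function renderUnsafe(name) {
  return "<p>Hello " + name + "!</p>";
}

// Hardened form: the same markup, but the input is encoded first, so the
// browser displays it as text instead of parsing it as a script element.
function renderSafe(name) {
  return "<p>Hello " + escapeHtml(name) + "!</p>";
}

// Pull the decoded "name" parameter out of a request URL.
function nameFromUrl(requestUrl) {
  return new URL(requestUrl).searchParams.get("name") ?? "";
}

// Constructed sample request (percent-encoded form of the URL above).
const SAMPLE_URL =
  "http://www.nowhere.abc/printinfo.php?name=" +
  "%3Cscript%3E%0abalance=1000000;%0a%3C/script%3EAaron";

function demo() {
  const name = nameFromUrl(SAMPLE_URL);
  return { name, unsafe: renderUnsafe(name), safe: renderSafe(name) };
}

console.log(demo());
```

This encoding is only correct for text placed in element content or quoted attribute values; input written inside a script block or a URL needs the encoding for that context instead.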
<form action="https://site.com/post.php" method="post">
<input type="hidden" name="title" value="abcd">
<input type="hidden" name="content"
value="Lorem.ipsum">
<input type="submit" value="Submit">
</form>
This is based on the form from the HTML and JavaScript primer section:
Comments
//
, it is a comment until the end of the line