<?php
// SQL injection — negative fixture.
// Safe: models a PDO prepared statement (execution is simulated); payload is a bound param, not concatenated into the SQL text.
// Entry: login($username) Cap: SQL_QUERY
// Expected verdict: NotConfirmed
/**
 * Negative SQL-injection fixture: models a parameterized lookup by user name.
 *
 * The statement text is a constant containing a single `?` placeholder, and
 * $username is never spliced into it. Only the byte length of $username is
 * printed, so the caller-supplied value itself appears neither in the SQL
 * text nor in the output. No database call is made here; execution is
 * simulated with echo.
 *
 * @param string $username Caller-supplied user name; treated as untrusted.
 * @return void
 */
function login($username) {
    // Constant statement text: the placeholder stands in for the bound value.
    $statement = "SELECT name FROM users WHERE name = ?";

    // Measure the parameter instead of embedding it, so no attacker-controlled
    // bytes can change the shape of the statement or the log line.
    $paramLength = strlen($username);

    // Simulated parameterized execution: the template is fixed.
    $line = "Executing: " . $statement . " param-len=" . $paramLength . "\n";
    echo $line;
}