    // The id parameter is read from the URL and placed into the SQL text unchanged.
    $id = $_GET['id'];
    $query = "SELECT * FROM products WHERE id = $id";
    $result = mysqli_query($conn, $query);

If the developer does not sanitize $id, an attacker could change the URL to:
index.php?id=1 UNION SELECT username, password FROM users
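The query above next to a hardened form, as an added example that is not part of the original page. It assumes constructed products and users tables and uses PDO with in-memory SQLite in place of the page's mysqli connection so it runs without a database server; the function names find_product_unsafe and find_product_safe are hypothetical.

```php
<?php
// Added example. Schema and rows are constructed. PDO + in-memory SQLite stand in
// for the page's mysqli connection; with mysqli the same binding is done with
// mysqli_prepare() and mysqli_stmt_bind_param().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("CREATE TABLE users (username TEXT, password TEXT)");
$db->exec("INSERT INTO products VALUES (1, 'Portable speaker')");
$db->exec("INSERT INTO users VALUES ('alice', 'constructed-hash')");

// Pattern from the page: the parameter becomes part of the SQL statement itself.
function find_product_unsafe(PDO $db, string $id): array
{
    return $db->query("SELECT * FROM products WHERE id = $id")
              ->fetchAll(PDO::FETCH_NUM);
}

// Hardened form: check the type first, then bind the value as data, not as SQL.
function find_product_safe(PDO $db, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($int === false) {
        return [];  // anything that is not a positive integer is rejected
    }
    $stmt = $db->prepare("SELECT * FROM products WHERE id = :id");
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// The id value from the page's modified URL.
$input = "1 UNION SELECT username, password FROM users";

printf("unsafe, page input: %d rows\n", count(find_product_unsafe($db, $input)));
printf("safe, page input:   %d rows\n", count(find_product_safe($db, $input)));
printf("safe, id=1:         %d rows\n", count(find_product_safe($db, "1")));
```

The concatenated query returns rows from both tables for the page's input, while the bound query returns only the product row for a valid id and nothing for anything else.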
Use this knowledge to build better, safer web applications. Experiment on deliberately vulnerable platforms like DVWA (Damn Vulnerable Web Application) or HackTheBox, not on live sites.