So, A user Visits a webpage, and finds a Nice Golden Watch With some Offer, and thinks He should purchase it.
He will click on the option which shows him the Golden Watch.Now what exactly is happening here after he clicks?
Okay This is what we will be discussing today.
I assume you have knowledge of HTML, The GET and POST Parameters, once he clicks on the option, A GET or A POST Request is being made, this parameter can be seen on the HTML Source Code, and stays in the <form> tag,
Ex:
<form method="GET/POST" action="somepage.php">
// Codes Here
// Codes Here
</form>
As a quick review the Difference between a GET and a POST is when GET method is used, the address bar shows what all information are passed, whereas with the POST Method, it stays hidden.
Now, Once the request is made, lets say a PHP script handles the Form request, which then connects to Database to fetch the result, and spit back to the browser.
This Picture should give a basic idea about the architecture:
Here is sample code what happens after the HTML form send the request, and then arrives to PHP scripts, for further processing:
<?php
// connects to the database
$conn = mysql_connect("localhost","username","password");
// dynamically build the sql statement with the input
$query = "SELECT * FROM Products WHERE id = '$_GET["val"]' ";
// execute the query against the database
$result = mysql_query($query);
// iterate through the record set
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
// display the results to the browser
echo "Description : {$row['ProductDescription']} <br>" .
"Product ID : {$row['ProductID']} <br>" .
"Price : {$row['Price']} <br><br>";
}
?>
So if we notice the PHP script, we see that, first It creates a connection to the database with username and password, then it builds the SQL Query that is to be passed to the database., next it fetches the results and then it echoes back to the users browser.
Now, if you have a question or if you had a thought waaoo, the username and password to connect to the database is right on the php script, so if we look at the php script we can get the username and password. Yes of course you are correct, only if you can see it, you cannot see a PHP script, PHP scripts are hidden by the browser.
So this was a basic 3 Tier Architecture that runs behind, there is also another Architecture which We will be discussing on the next post is the 4 Tier Architecture.
You must know these things before you start playing, because if you do not know these stuffs, you can never make or build your own Injecting queries.
Hope you are liking it. Thanks!
He will click on the option which shows him the Golden Watch.Now what exactly is happening here after he clicks?
Okay This is what we will be discussing today.
I assume you have knowledge of HTML, The GET and POST Parameters, once he clicks on the option, A GET or A POST Request is being made, this parameter can be seen on the HTML Source Code, and stays in the <form> tag,
Ex:
<form method="GET/POST" action="somepage.php">
// Codes Here
// Codes Here
</form>
As a quick review the Difference between a GET and a POST is when GET method is used, the address bar shows what all information are passed, whereas with the POST Method, it stays hidden.
Now, Once the request is made, lets say a PHP script handles the Form request, which then connects to Database to fetch the result, and spit back to the browser.
This Picture should give a basic idea about the architecture:
www.sqlihack.blogspot.com-3 tier architecture |
<?php
// connects to the database
$conn = mysql_connect("localhost","username","password");
// dynamically build the sql statement with the input
$query = "SELECT * FROM Products WHERE id = '$_GET["val"]' ";
// execute the query against the database
$result = mysql_query($query);
// iterate through the record set
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
// display the results to the browser
echo "Description : {$row['ProductDescription']} <br>" .
"Product ID : {$row['ProductID']} <br>" .
"Price : {$row['Price']} <br><br>";
}
?>
So if we notice the PHP script, we see that, first It creates a connection to the database with username and password, then it builds the SQL Query that is to be passed to the database., next it fetches the results and then it echoes back to the users browser.
Now, if you have a question or if you had a thought waaoo, the username and password to connect to the database is right on the php script, so if we look at the php script we can get the username and password. Yes of course you are correct, only if you can see it, you cannot see a PHP script, PHP scripts are hidden by the browser.
So this was a basic 3 Tier Architecture that runs behind, there is also another Architecture which We will be discussing on the next post is the 4 Tier Architecture.
You must know these things before you start playing, because if you do not know these stuffs, you can never make or build your own Injecting queries.
Hope you are liking it. Thanks!