Jeff-Cycode-Test-Org · jeff-cycode · Sep 8, 2024 · Oct 16, 2025
diff --git a/jwr-low.php b/jwr-low.php
@@ -0,0 +1,61 @@
+
+<?php
+
+if( isset( $_GET[ 'Submit' ] ) ) {
+	// Get input
+	$id = $_GET[ 'id' ];
+	$exists = false;
+
+	switch ($_DVWA['SQLI_DB']) {
+		case MYSQL:
+			// Check database
+			$stmt = $GLOBALS["___mysqli_ston"]->prepare("SELECT first_name, last_name FROM users WHERE user_id = ?");
+			$stmt->bind_param("i", $id);
+			try {
+				$stmt->execute();
+				$result = $stmt->get_result();
+			} catch (Exception $e) {
+				print "There was an error.";
+				exit;
+			}
+
+			$exists = false;
+			if ($result !== false) {
+				try {
+					$exists = (mysqli_num_rows( $result ) > 0);
+				} catch(Exception $e) {
+					$exists = false;
+				}
+			}
+			((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
+			break;
+		case SQLITE:
+			global $sqlite_db_connection;
+
+			$stmt = $sqlite_db_connection->prepare("SELECT first_name, last_name FROM users WHERE user_id = :id");
+			$stmt->bindValue(':id', $id, SQLITE3_INTEGER);
+			try {
+				$result = $stmt->execute();
+				$row = $result->fetchArray();
+				$exists = $row !== false;
+			} catch(Exception $e) {
+				$exists = false;
+			}
+
+			break;
+	}
+
+	if ($exists) {
+		// Feedback for end user
+		$html .= '<pre>User ID exists in the database.</pre>';
+	} else {
+		// User wasn't found, so the page wasn't!
+		header( $_SERVER[ 'SERVER_PROTOCOL' ] . ' 404 Not Found' );
+
+		// Feedback for end user
+		$html .= '<pre>User ID is MISSING from the database.</pre>';
+	}
+
+}
+
+?>