- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  10.0.0.68432
- how is SonarQube deployed: zip, Docker, Helm
  docker
- what are you trying to achieve
  testing out features
- what have you tried so far to achieve this
  set up Docker and a basic PHP project
The SQL injection in the following script is not detected:
<?php
// Minimal reproduction script: reads one request parameter, runs a query that
// embeds it, and prints the returned rows as HTML.
// Taint source: $foo comes straight from the query string, with no validation
// or type check.
$foo = $_GET['foobar'];
// Create connection
$servername = "xxx";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
// The raw driver error text is sent to the client here.
// NOTE(review): outside a test sample this would normally be logged server-side instead.
die("Connection failed: " . $conn->connect_error);
}
// Taint sink: $foo is interpolated into the SQL text, so the request value
// becomes part of the statement itself (SQL injection). The safe form keeps the
// statement constant and binds the value through $conn->prepare() with a `?`
// placeholder.
// NOTE(review): "or" follows the table name directly, with no WHERE clause;
// this looks like a typo for WHERE. Confirm, since a statement that does not
// parse makes query() fail.
$sql = "SELECT id, firstname, lastname FROM MyGuests or x = '$foo'";
$result = $conn->query($sql);
// NOTE(review): $result is dereferenced without checking that query() succeeded.
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
// Column values are concatenated into the HTML output without
// htmlspecialchars(), so any markup stored in these columns is rendered by
// the browser.
echo "id: " . $row["id"] . " - Name: " . $row["firstname"] . " " . $row["lastname"] . "<br>";
}
} else {
echo "0 results";
}
$conn->close();