Here is a short video I put together to show the perspective of a PHP developer writing an application that makes MySQL queries as well as a BlackHat hacker who wants to steal data utilizing MySQL injection. I am running Kali Linux as an attacker and CentOS as a PHP developer/application host.
It takes you through a short bit of PHP development as well as creating a MySQL database table containing data. The PHP development bit shows a simple PHP application that fetches the data and echo’s it out leaving the ID parameter open to MySQL injection. Then after creating the application I go into detail about sqlmap and how basic it is to steal data.