Untitled

a guest
Jun 17th, 2019
# Query text after the username input has been spliced in; the "--" comments out the password clause
query = "SELECT * FROM users WHERE username='admin' UNION SELECT null, password, null FROM users where username='admin' -- AND password='[User Input]some_password'"
result = db.execute(query).fetchall()

# Then checks if the password input is equal to query output
row = result[0]
if row["password"] == password:  # Problematic password check
    try:
        session["user_id"] = int(row["id"])
        session["username"] = row["username"]
        return redirect(url_for("bank.index"))
    except (TypeError, ValueError):
        pass  # the paste ends at the return; the original handler is not shown
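
Added example, not part of the paste: the concatenated lookup beside a parameter-bound one, run with sqlite3 against the username value from the query string above. The three-column users(id, username, password) layout is assumed from the UNION in the paste; the sample account and the function names are constructed for illustration.

```python
import hmac
import sqlite3

# Username value copied from the query string in the paste.
PAYLOAD = ("admin' UNION SELECT null, password, null FROM users "
           "where username='admin' -- ")

def make_db():
    """In-memory database holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE users "
               "(id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES (?, ?)",
               ("admin", "s3cret-sample"))
    return db

def lookup_concatenated(db, username, password):
    """Pattern from the paste: input becomes part of the SQL text."""
    query = ("SELECT * FROM users WHERE username='" + username +
             "' AND password='" + password + "'")
    return db.execute(query).fetchall()

def lookup_bound(db, username):
    """Hardened lookup: the value is bound by the driver, never parsed as SQL."""
    return db.execute("SELECT * FROM users WHERE username = ?",
                      (username,)).fetchall()

def login(db, username, password):
    """Return the user id on success, None otherwise (including zero rows)."""
    rows = lookup_bound(db, username)
    if len(rows) != 1:          # avoids the unchecked result[0] in the paste
        return None
    # Plaintext column kept only to match the paste's schema; a real
    # system would store and verify a salted password hash instead.
    stored = rows[0]["password"]
    if not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    return int(rows[0]["id"])

if __name__ == "__main__":
    db = make_db()
    print("concatenated rows:", len(lookup_concatenated(db, PAYLOAD, "wrong")))
    print("bound rows:", len(lookup_bound(db, PAYLOAD)))
    print("login result:", login(db, PAYLOAD, "wrong"))
```

With the bound query the whole input is compared as a literal username, so it matches no row and the login is rejected before any password comparison.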