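// Builds and runs a parameterised UPDATE that stores the current session id
// on the user row matching the supplied username and password.
$query = DB::query(
    Database::UPDATE,
    'UPDATE user SET session = :session WHERE username = :username AND password = :password'
);

// Bind RAW values only. The query layer quotes each bound parameter when it
// compiles the statement, so calling Database::instance()->quote() first
// escapes the value twice: the quote characters become part of the data and
// the WHERE clause can no longer match the stored username.
$query->parameters(array(
    ':session'  => Session::instance()->id(),
    // Deliberately hostile sample value, used to show that binding alone
    // keeps it inside the string literal.
    ':username' => 'BlackScorp/;SELECT * FROM user;--',
    // NOTE(review): the password is compared in SQL against the submitted
    // value, which suggests the column holds unhashed passwords (confirm).
    // Prefer storing password_hash() output, selecting the row by username
    // and checking it with password_verify().
    ':password' => 'mycoolpassword',
));

// NOTE(review): the result of execute() is discarded here; a caller that
// needs to know whether the credentials matched should inspect it.
$query->execute();

// Debug output only: the compiled SQL contains the session id and the
// password, so it must not be echoed or logged outside of local testing.
echo (string) $query;

// Compiled SQL with the raw value bound (correct, the payload stays one literal):
//   UPDATE user SET session = 'siav2s8oc5sk0fd7bdh27to4f5' WHERE username = 'BlackScorp/;SELECT * FROM user;--' AND password = 'mycoolpassword'
// Compiled SQL when the value is also passed through quote() (double-escaped, never matches):
//   UPDATE user SET session = 'siav2s8oc5sk0fd7bdh27to4f5' WHERE username = '\'BlackScorp/;SELECT * FROM user;--\'' AND password = 'mycoolpassword'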