Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $server_addr="localhost";
- $server_user="root";
- $server_pass="";
- $dbname="injection";
- function dbconnect(){
- $conn= new mysqli($GLOBALS['server_addr'],$GLOBALS['server_user'],$GLOBALS['server_pass'],$GLOBALS['dbname']);
- if ($conn->connect_errno){
- return False;
- }
- else{
- return $conn;
- }
- }
- function statementop($db,$username,$password){
- #return "I" if injection is detected
- #return "S" if successfull
- #return "F" if user not found
- $statement=$db->prepare("SELECT username,password FROM users WHERE username=? AND password=?;");
- $statement->bind_param("ss",$username,$password);
- $statement->execute();
- $result = $statement->get_result();
- if($result){
- while ($row = $result->fetch_array(MYSQLI_ASSOC))
- {
- if($row["username"]==$username && $row["password"]==$password){
- return "S";
- }
- else{
- return "F";
- }
- }
- }
- $result->free();
- $statement->close();
- /*if(is_null($result)){
- return "S";
- }
- else{
- return "F";
- }
- }*/
- $statement->close();
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement