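<?php
// Login lookup endpoint: reads UserName/UserPass from the POST body, looks the
// pair up in the `users` table and echoes each matching row as an HTML <tr>.
//
// Why the query below is parameterized: when user input is concatenated into
// the SQL text, a value containing a quote ends the string literal and the
// rest of the value is parsed as SQL. The statement this listing was published
// with shows the effect:
//   SELECT email, passwd, login_id, full_name FROM members WHERE email = 'x'; DROP TABLE members; --'
// mysqli_query() sends a single statement, so the stacked DROP would be
// rejected there, but the same quoting break still lets input alter the WHERE
// clause. Bound parameters keep the input out of the SQL grammar entirely.

// Prevent errors from showing
// NOTE(review): this also silences PHP's own error reporting; failures below
// are therefore written explicitly with error_log().
error_reporting(0);

// Connect the db (expected to define $db, the mysqli link used below)
require '../../connect_db.php';

if (
    isset($_POST['UserName'], $_POST['UserPass'])
    && is_string($_POST['UserName'])   // reject array-valued fields (UserName[]=...)
    && is_string($_POST['UserPass'])
) {
    // Grab user input
    $UserName = $_POST['UserName'];
    $UserPass = $_POST['UserPass'];

    // NOTE(review): the passwords in this case are stored and compared in the
    // clear. This is an early example; a real table should hold
    // password_hash() output and be checked with password_verify().
    // BINARY is used to force matching case.
    $query = 'SELECT UserId, UserName, UserPass, UserRole FROM users'
        . ' WHERE UserName = ? AND BINARY UserPass = ?';

    $stmt = mysqli_prepare($db, $query);
    $ok = $stmt !== false
        && mysqli_stmt_bind_param($stmt, 'ss', $UserName, $UserPass)
        && mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $rowId, $rowName, $rowPass, $rowRole);

    if (!$ok) {
        // Keep the driver message in the server log; the client only gets a
        // generic error so schema and query details are not disclosed.
        error_log('users lookup failed: ' . ($stmt === false ? mysqli_error($db) : mysqli_stmt_error($stmt)));
        die('Error: query failed');
    }

    // HTML-escape every column: the values originate from user-controlled data
    // and are written straight into markup.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Echo out the table row(s)
    while (mysqli_stmt_fetch($stmt)) {
        echo '<tr class="query-result">'; // Class is added so that jQuery can remove old ones
        echo '<td>' . $esc($rowId) . '</td>';
        echo '<td>' . $esc($rowName) . '</td>';
        // NOTE(review): the stored password is sent back to the browser; the
        // cell is kept so the row layout is unchanged, but it should be dropped.
        echo '<td>' . $esc($rowPass) . '</td>';
        echo '<td>' . $esc($rowRole) . '</td>';
        echo '</tr>';
    }

    mysqli_stmt_close($stmt);
}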