$login = $_REQUEST["login"];$login = xmli($login);$password = $_REQUEST["pas

1. $login = $_REQUEST["login"];
2. $login = xmli($login);
3. $password = $_REQUEST["password"];
4. $password = xmli($password);
5. // Loads the XML file
6. $xml = simplexml_load_file("passwords/heroes.xml");
7. // XPath search
8. $result = $xml->xpath("/heroes/hero[login='" . $login . "' and password='" . $password . "']");
9. [login='" . $login . "' and password='" . $password . "']
10. [login='' and password='']
11. [login='whatever'' and password='']
12. [login='whatever' or 1=1' and password='']
13. [login='whatever' or 1=1' and password='']
14. [login='whatever' or 1=1 or '' and password='']
15. whatever' or 1=1 or '