- // Vulnerable login lookup: both POST fields are copied into the SQL text unchanged,
- // so a quote character in either value ends the string literal and the rest is parsed as SQL.
- $user = (!empty($_POST['user'])) ? $_POST['user'] : '';
- $pass = (!empty($_POST['pass'])) ? $_POST['pass'] : '';
- // NOTE(review): the WHERE clause compares pass directly against the submitted value, which
- // suggests passwords are stored unhashed; confirm against the users table.
- $res = mysql_query("SELECT * from users where user='{$user}' AND pass='{$pass}'");
- // The three calls below show the query text as it looks after a crafted username has been interpolated.
- // Here the "-- " sequence starts an SQL comment, so the password comparison is never evaluated.
- $res = mysql_query("SELECT * from users where user='foo' -- ' AND pass=''");
- // NOTE(review): DROP TABLE is a statement, not an expression, so the server should reject this
- // text with a syntax error; read it as an illustration only.
- $res = mysql_query("SELECT * from users where user='foo' OR (DROP TABLE users) -- ' AND pass=''");
- // NOTE(review): mysql_query() sends one statement per call, so the stacked DROP TABLE should be
- // refused here. APIs that accept several statements per call would run it, which is a reason to
- // leave multi-statement execution disabled.
- $res = mysql_query("SELECT * from users where user='foo'; DROP TABLE users -- ' AND pass=''");
- For both username and password, I enter:
- ' OR 1=1 AND '}' '=
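- // Hardened variant: each value is escaped for use inside a quoted SQL string literal before interpolation.
- $user = (!empty($_POST['user'])) ? $_POST['user'] : '';
- $pass = (!empty($_POST['pass'])) ? $_POST['pass'] : '';
- // mysql_real_escape_string() escapes according to the connection character set, so set the charset
- // with mysql_set_charset() rather than a SET NAMES query, and keep the values inside quotes in the SQL.
- $user = mysql_real_escape_string($user);
- // Fixed: the original called msyql_real_escape_string(), an undefined function, which is a fatal
- // error, so the script stopped before the query ran.
- $pass = mysql_real_escape_string($pass);
- // ext/mysql was removed in PHP 7.0. On current PHP use PDO or mysqli prepared statements with bound
- // parameters, and check passwords with password_verify() against a password_hash() value instead of
- // comparing them in SQL.
- $res = mysql_query("SELECT * from users where user='{$user}' AND pass='{$pass}'");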