puzza

<?php

$uname = "1' OR 1='1";
$pass;

//cose per databeis
$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die($conn->connect_error . "sei gay");
}

//esegue la qwerty
$sql = "SELECT pass FROM dio WHERE Username='" . $uname . "'";
// SELECT pass FROM dio WHERE Username='1' OR 1='1'";

$insertquery="SELECT pass FROM dio WHERE Username='?'";
$stmt = $conn->prepare($insertquery);
$stmt->bind_param('s', $uname);
$stmt->execute();
if ($stmt->error) {
    echo "ERRORE:";
    die ($stmt->error);
}else {
    echo "ok"
}
$stmt->close();

if ($uname == "1' OR 1='1"){
    die("esplodi finocchio");
}
$result = $conn->query($sql);

//funzia solo se selezioni Ѡ
if ($result->num_rows > 0) {

    /** Table: `dio`
     * +----------T---------T----------+
     * | Username | Cognome | pass     |
     * +----------+---------+----------+
     * | Dav      | Zac     | Did      |
     * | MV       | P       | doen     |
     * | Ang      | Cat     | dado     |
     * ڞڞڢگڵڞڞڢگڵڞڞڢگڵڞڞڢگڵ
     * +----------+---------+----------+
     */
    //¿ hola ?
    $arr = [];
    //$i = 0;

    //while che ti fa stare dentro a letizia
    while (($row  = $result->fetch_assoc()) != null ) {
       /*
        $arr[$i] = $result->fetch_assoc();
        $i++;

        cosi funzia?
        scusa sono autistico  ö
        ah ok        */
        array_push($arr, $row["name"] . " " . $row["surname"]);
    }
} else {
    echo "No results found.";
}


function ڞڞڢگڵ() {
    $saso = 'ڞڞڢگڵ';
    return "che merda";
}

?>