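<?php
// Login handler and form for a SQL-injection test page.
//
// On POST, the submitted usuario/senha pair is looked up in the `login` table
// with a prepared statement (bound parameters, so the input never becomes part
// of the SQL text). The browser is redirected to admin2.php only when a
// matching row exists; otherwise the form is shown again with a generic error.

// Error details (SQL state, stack traces) should not reach the browser; the
// original enabled display_errors, which exposes them to any visitor.
// Re-enable only on a local development machine.
ini_set('display_errors', '0');

$loginError = null;

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // A request can omit a field or send it as an array (usuario[]=x);
    // only plain strings are passed on to the query.
    $usuario = $_POST['usuario'] ?? '';
    $senha = $_POST['senha'] ?? '';

    if (is_string($usuario) && is_string($senha)) {
        // NOTE(review): the page connects as the MySQL root account with a
        // password hard-coded in a web-served file. Prefer a dedicated account
        // limited to SELECT on this table, with credentials loaded from
        // configuration kept outside the document root.
        $root = 'root';
        $password = '1111';
        $conn = new PDO('mysql:host=localhost;dbname=fail', $root, $password, [
            // Failures raise PDOException instead of returning false. The
            // original passed the errorInfo() array to `new Error()`, which
            // itself fails because the constructor expects a string message.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use server-side prepared statements rather than client-side emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);

        // NOTE(review): this compares the submitted password with the stored
        // column directly, so the table presumably holds plaintext passwords.
        // Store password_hash() output and check it with password_verify().
        $sql = 'SELECT 1 FROM login WHERE usuario = :usuario AND senha = :senha LIMIT 1';
        $stmt = $conn->prepare($sql);
        $stmt->execute([':usuario' => $usuario, ':senha' => $senha]);

        // execute() only reports that the query ran. The original redirected on
        // that result alone, so any username/password pair was accepted. The
        // login succeeds only if the query actually returned a row.
        if ($stmt->fetchColumn() !== false) {
            // NOTE(review): a redirect is not access control by itself;
            // admin2.php has to verify an authenticated session on its own.
            header('Location: admin2.php');
            exit; // stop here so nothing else runs or is sent after the redirect
        }
    }

    // Same message for every failure, so the response does not reveal whether
    // the username exists.
    $loginError = 'Usuário ou senha inválidos.';
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>SQL Injection</title>
</head>
<body>
<form action="index2.php" method="POST">
<h1>SQL Injection - Teste</h1><br>
<?php if ($loginError !== null): ?>
<p role="alert"><?= htmlspecialchars($loginError, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
<?php endif; ?>
Usuário:<br>
<input type="text"
name="usuario"><br>
Senha:<br>
<!-- type="password" keeps the value from being shown on screen -->
<input type="password"
name="senha"><br>
<input type="submit" value="Login">
</form>
</body>
</html>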