Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // do not show any errors to the end user
- ini_set('display_errors', 'Off');
- error_reporting(E_ALL | E_STRICT);
- echo "<html>";
- if (isset($_POST["username"]) && isset($_POST["password"])) {
- $servername = "localhost";
- $username = "sqli-user";
- $password = 'AxU3a9w-azMC7LKzxrVJ^tu5qnM_98Eb';
- $dbname = "SqliDB";
- $conn = new mysqli($servername, $username, $password, $dbname);
- if ($conn->connect_error){
- die("Connection failed");
- }
- $user = $_POST['username'];
- $pass = $_POST['password'];
- $sql = "SELECT * FROM login WHERE User=? AND Password=?";
- // prepare statement template
- $stmt = $conn->prepare($sql);
- // bind statement parameters
- $stmt->bind_param("ss", $user, $pass);
- // execute the prepared statement
- $stmt->execute();
- // get the resultset
- $result = $stmt->get_result();
- // check if only one row was returned
- if ($result->num_rows === 1){
- while($row = $result->fetch_assoc()) {
- echo "You logged in as " . $row["User"];
- echo "<html>You logged in as " . $row["User"] . "</html>\n";
- }
- } else {
- echo "Sorry to say, that's invalid login info!";
- }
- $stmt->close();
- $conn->close();
- } else {
- echo "Must supply username and password...";
- }
- echo "</html>";
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement