Advertisement
ScottHelme

SQL Injection Test - Login Form

Jul 21st, 2013
1,090
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 0.81 KB | None | 0 0
  1. <!DOCTYPE html>
  2. <html><body>
  3.  
  4. <h1>SQL Injection Test Site</h1>
  5. <h2>Login Form</h2>
  6.  
  7. <form action="" method="post">
  8. Username: <input type="text" name="username">
  9. Password: <input type="text" name="password">
  10. <input type="submit"></form>
  11.  
  12. <?php
  13. $db = mysql_connect($host, $user, $pass);
  14. if(!$db){
  15.     die('Could not connect: ' . mysql_error());
  16. }else{
  17.     mysql_select_db($database);  
  18. }
  19.  
  20. if(isset($_POST["username"]) && isset($_POST["password"])){
  21.     $username = $_POST["username"];
  22.     $password = $_POST["password"];
  23.     $result = mysql_query("SELECT id FROM customer_data
  24.                 WHERE username = '$username'
  25.                   AND password = '$password'");
  26.     $result = mysql_fetch_assoc($result);
  27.     //we would now process the login if details matched
  28.     echo "Logged in: " . $result['username'];
  29. }
  30. ?>
  31.  
  32. </body></html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement