- <?php
// Refuse to run when this file is requested directly instead of being pulled
// in by a page that has declared _VALID_ACCESS.
if (!defined('_VALID_ACCESS')) {
    exit('direct access is not allowed.');
}

// Supplies the $mysqli connection used by the functions below.
include 'includes/connect.php';
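/**
 * Check a username/password pair against the `user` table.
 *
 * The original built the query by string concatenation (so the submitted
 * values became part of the SQL text), echoed the plaintext password into
 * the response, and used $mysqli without declaring it global, so the query
 * was issued on an undefined variable. This version binds both values with
 * a prepared statement, prints nothing, and counts matching rows.
 *
 * NOTE(review): the `pass` column holds unsalted md5 digests, so md5() is
 * kept only to stay compatible with the rows already stored; moving the
 * stored hashes to password_hash()/password_verify() is the real fix.
 *
 * @param ?string $username login name as submitted (surrounding whitespace is trimmed)
 * @param ?string $password plaintext password as submitted (surrounding whitespace is trimmed)
 * @return bool true when exactly one row matches both values
 * @throws RuntimeException when the statement cannot be prepared or executed
 */
function login(?string $username, ?string $password): bool
{
    global $mysqli; // connection created by includes/connect.php

    $username = trim((string) $username);
    $password = trim((string) $password);
    // bind_param() binds by reference, so the digest must live in a variable.
    $passwordDigest = md5($password);

    $stmt = $mysqli->prepare('SELECT COUNT(1) FROM user WHERE user = ? AND pass = ?');
    if ($stmt === false) {
        // mysqli_error() needs a connection argument; the object form carries the message.
        throw new RuntimeException('login: prepare failed: ' . $mysqli->error);
    }
    $stmt->bind_param('ss', $username, $passwordDigest);
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new RuntimeException('login: execute failed: ' . $error);
    }
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();

    return (int) $count === 1;
}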
- ?>
- <?php
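// Database connection settings.
// NOTE(review): these credentials are hard-coded in a file that sits under the
// web root and was pasted publicly; they should be rotated and moved to a
// configuration file outside the document root (or the environment). They are
// left in place here only so the existing include keeps working.
$db_name = "coolmates";
$db_server = "localhost";
$db_user = "justron";
$db_pass = "Justron9004";

// `new MySQLi(...)` never evaluates to false, and mysqli_error() requires a
// connection argument, so the original `or die(mysqli_error())` could never
// report a failed connection. Check connect_error instead.
$mysqli = new MySQLi($db_server, $db_user, $db_pass, $db_name);
if ($mysqli->connect_error !== null) {
    die('database connection failed: ' . $mysqli->connect_error);
}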
- ?>
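/**
 * Check a username/password pair against the `user` table.
 *
 * The original built the query by string concatenation (so the submitted
 * values became part of the SQL text), echoed the plaintext password into
 * the response, and tested the first column of `SELECT *` against 1 rather
 * than counting matches. This version binds both values with a prepared
 * statement, prints nothing, and counts matching rows.
 *
 * NOTE(review): the `pass` column holds unsalted md5 digests, so md5() is
 * kept only to stay compatible with the rows already stored; moving the
 * stored hashes to password_hash()/password_verify() is the real fix.
 *
 * @param ?string $username login name as submitted (surrounding whitespace is trimmed)
 * @param ?string $password plaintext password as submitted (surrounding whitespace is trimmed)
 * @return bool true when exactly one row matches both values
 * @throws RuntimeException when the statement cannot be prepared or executed
 */
function login(?string $username, ?string $password): bool
{
    global $mysqli; // connection created by the connect include

    $username = trim((string) $username);
    $password = trim((string) $password);
    // bind_param() binds by reference, so the digest must live in a variable.
    $passwordDigest = md5($password);

    $stmt = $mysqli->prepare('SELECT COUNT(1) FROM user WHERE user = ? AND pass = ?');
    if ($stmt === false) {
        // mysqli_error() needs a connection argument; the object form carries the message.
        throw new RuntimeException('login: prepare failed: ' . $mysqli->error);
    }
    $stmt->bind_param('ss', $username, $passwordDigest);
    if (!$stmt->execute()) {
        $error = $stmt->error;
        $stmt->close();
        throw new RuntimeException('login: execute failed: ' . $error);
    }
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();

    return (int) $count === 1;
}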
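// Verify the submitted credentials with a prepared statement: the values are
// bound, never spliced into the query text. query() does not return a
// statement object that can take bound parameters; prepare() does.
$login_result = $mysqli->prepare("SELECT COUNT(1) result FROM user WHERE user = ? AND pass = ?");
if ($login_result === false) {
    die('prepare failed: ' . $mysqli->error);
}
// bind_param() binds by reference, so an expression such as md5($password)
// cannot be passed directly; it has to be stored in a variable first.
// NOTE(review): stored hashes are unsalted md5; migrate to password_hash()/password_verify().
$password_hash = md5($password);
$login_result->bind_param("ss", $username, $password_hash);
if (!$login_result->execute()) {
    die('execute failed: ' . $login_result->error);
}
$login_result->bind_result($count);
$login_result->fetch();
$login_result->close();
if ((int) $count === 1) {
    // success
} else {
    // failure
}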
- ' or true or '' = '
- select 'hello' = '' or true or '' = '' and 'world' = '1';