<?php $mysql = array(); $db = mysqli_init(); $db->real_connect('localhost', 'myuser', 'mypass', 'mydb'); /* SQL Injection Example */ $_POST['username'] = chr(0xbf) . chr(0x27) . ' OR username = username /*'; $_POST['password'] = 'guess'; $mysql['username'] = addslashes($_POST['username']); $mysql['password'] = addslashes($_POST['password']); $sql = "SELECT * FROM users WHERE username = '{$mysql['username']}' AND password = '{$mysql['password']}'"; $result = $db->query($sql); if ($result->num_rows) { /* Success */ } else { /* Failure */ } ?>
You have javascript disabled. You will not be able to edit any code.