<?php
// We didn't check $_POST['password'], it could be anything the user wanted! For example:
$username = 'aidan';
$password = "' OR ''='";
$username1 = mysql_real_escape_string('aidan');
$password1 = mysql_real_escape_string("' OR ''='");
// Query database to check if there are any matching users
$query = "SELECT * FROM users WHERE user='$username' AND password='$password'";
// This means the query sent to MySQL would be:
echo $query;
?>
Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in /in/G3BrY:6
Stack trace:
#0 {main}
thrown in /in/G3BrY on line 6
Process exited with code 255.
Output for 8.3.5
Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in /in/G3BrY:6
Stack trace:
#0 {main}
thrown in /in/G3BrY on line 6
Process exited with code 255.
Fatal error: Call to undefined function mysql_real_escape_string() in /in/G3BrY on line 6
Process exited with code 255.
Output for 4.3.2 - 4.3.11, 4.4.0 - 4.4.9
Warning: mysql_real_escape_string(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /in/G3BrY on line 6
Warning: mysql_real_escape_string(): A link to the server could not be established in /in/G3BrY on line 6
Warning: mysql_real_escape_string(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /in/G3BrY on line 7
Warning: mysql_real_escape_string(): A link to the server could not be established in /in/G3BrY on line 7
SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''
Output for 4.3.0 - 4.3.1
Warning: mysql_real_escape_string() [http://www.php.net/function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /in/G3BrY on line 6
Warning: mysql_real_escape_string() [http://www.php.net/function.mysql-real-escape-string]: A link to the server could not be established in /in/G3BrY on line 6
Warning: mysql_real_escape_string() [http://www.php.net/function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /in/G3BrY on line 7
Warning: mysql_real_escape_string() [http://www.php.net/function.mysql-real-escape-string]: A link to the server could not be established in /in/G3BrY on line 7
SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''