3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php // We didn't check $_POST['password'], it could be anything the user wanted! For example: $username = 'aidan'; $password = "' OR ''='"; // Query database to check if there are any matching users $query = "SELECT * FROM users WHERE user='$username' AND password='$password'"; // This means the query sent to MySQL would be: echo $query; ?>
based on i3Ded
Output for 4.3.0 - 7.2.0
SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''