Skip to content

Commit

Permalink
sql injection
Browse files Browse the repository at this point in the history
  • Loading branch information
@sakiran
sakiran committed Aug 26, 2017
1 parent 9edafdc commit 8bbdf21
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions php/login.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,11 @@
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password received from loginform
$username = mysqli_real_escape_string($dbconfig, $_POST['username']);
//$username = $_POST['username'];
$password = mysqli_real_escape_string($dbconfig, $_POST['password']);
//$password = $_POST['password'];
//$username = mysqli_real_escape_string($dbconfig, $_POST['username']);
$username = $_POST['username'];
//$password = mysqli_real_escape_string($dbconfig, $_POST['password']);
$password = $_POST['password'];
//keerthana ' or username = 'keerthana
$sql_query = "SELECT userid FROM usermanagement WHERE username='$username' and password='$password'";
$result = mysqli_query($dbconfig, $sql_query);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
Expand Down

0 comments on commit 8bbdf21

Please sign in to comment.