Hi! Could we please enable some services and cookies to improve your experience and our website?
Online Sandbox for SQL and PHP: Write, Run, Test, and Share SQL Queries and PHP Code
CREATE TABLE `users` (
`username` varchar(64) DEFAULT NULL,
`password` varchar(64) DEFAULT NULL
);
INSERT INTO users (username,password) values ('USERA','PASS');
INSERT INTO users (username,password) values ('USERB','PASS');
<?php
use Carbon\Carbon;
function checkCredentials($link,$usr,$pass){
$test = "natas28 ";
$test2=mysqli_real_escape_string($link, $test);
echo "=> [".$test2."]\n";
$user=mysqli_real_escape_string($link, $usr);
$password=mysqli_real_escape_string($link, $pass);
$query = "SELECT username from users where username='$user' and password='$password' ";
echo "SQL : " . $query . "\n";
$res = mysqli_query($link, $query);
if(mysqli_num_rows($res) > 0){
return True;
}
return False;
}
if (checkCredentials($mysqli, "USERA", "\' OR 1=1")) {
echo "FOUND USER!";
} else {
echo "NOT FOUND USER!";
}