-- Demo fixture: a three-row credentials table used by the login example.
-- NOTE(review): passwords are kept in clear text in an 8-character column,
-- which suits a throwaway fixture only; a real credentials table holds a
-- salted password hash in a column wide enough for that hash.
CREATE TABLE scientist (
    id        INTEGER,
    firstname VARCHAR(100),
    lastname  VARCHAR(100),
    password  VARCHAR(8)
);

-- Seed rows, loaded with a single multi-row insert.
INSERT INTO scientist (id, firstname, lastname, password)
VALUES
    (1, 'albert', 'einstein', 'emc2'),
    (2, 'isaac', 'newton', 'force'),
    (3, 'marie', 'curie', 'glowin');

-- Show the loaded fixture; columns are named so the output order is explicit.
SELECT
    id,
    firstname,
    lastname,
    password
FROM scientist;
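<?php
// Login check against the `scientist` fixture table using a mysqli prepared
// statement.
// NOTE(review): $mysqli is not defined in this snippet; presumably the hosting
// sandbox supplies an open connection. Confirm before running it elsewhere.

// Sample input: the username carries a quote and a comment marker. Because it
// is bound as a parameter, the server compares it as a plain string value.
$username = "albert'#";
$password = "1234";

// The WHERE clause holds only the two bound comparisons. Parameter binding
// protects the values, not the statement text: an always-true term such as
// `OR 1=1` written into the query matches every row and accepts any
// credentials, so the predicate must stay free of such terms.
// The password column is not selected, so the stored secret is never read
// back into the application.
// NOTE(review): the fixture stores clear-text passwords, which is why the
// comparison happens in SQL. With hashed storage, fetch the hash by username
// and check it with password_verify() instead.
$query = "SELECT id, firstname, lastname FROM scientist WHERE firstname = ? AND password = ?";

// Stays null unless a matching row is fetched, so every failure path below
// ends in the rejection branch (fail closed).
$row = null;

$stmt = $mysqli->prepare($query);
if ($stmt !== false) {
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();

    // get_result() buffers the rows, so the statement can be closed right
    // after the fetch.
    $result = $stmt->get_result();
    if ($result !== false) {
        $row = $result->fetch_row();   // null when nothing matched
        $result->free();
    }
    $stmt->close();
}

if (is_array($row)) {
    list($id, $firstname, $lastname) = $row;
    echo "successfully logged in ...\r\n";
    // NOTE(review): if this output is ever rendered as HTML, pass the names
    // through htmlspecialchars() first.
    echo "Welcome $firstname $lastname\r\n";
} else {
    // One message for both failure causes, so the reply does not reveal
    // whether the username exists.
    echo "wrong username or password\r\n";
}
?>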