All Questions
6 questions
-1votes
1answer
149views
Can this be bypassed with SQL Injection?
This is my php code: $uname = $_POST['username']; $pwd = md5($_POST['password']); $sql = "SELECT * FROM `user` WHERE username = '$uname' AND password = '$pwd'"; My friend gave me this code but I’d ...
1vote
1answer
1kviews
SQL queries using SQL Injections do not work as I think they should
I am trying to learn about SQL Injections. I have created a login form using PHP (I am quite new to PHP) as backend scripting language and MySQL as DBMS. Last day I asked a question about SQL ...
- 175
3votes
1answer
2kviews
SQL injection vulnerability when using prepared statements in PHP
I've been studying prepared statements and implemented it in my first login. I used a prepared statement for the SQL query and am wondering if this is enough to ward off most SQL injections? Since ...
2votes
4answers
23kviews
SQL Injection with pass MD5
I want to know, if in my login form there is any SQL injection possible. If there is, what could the exploit's web form entry look like? I send username and password by html form (POST). The login ...
- 29
9votes
3answers
41kviews
Is there any SQL injection for this PHP login example?
I want to write a login form, and I got one example from the web. I want to know, if there is any SQL injection for this code? If there is, what could the exploit's web form entry look like? This is ...
- 101
5votes
2answers
1kviews
Could this login form be "hacked" to allow access?
We have this legacy website which has horrendous code in it. I have just been looking through the login form/code and can see un-sanitised sql queries. E.g. in a nutshell: $email=$_POST['email']; $...
