Hello everybody.
I have a little question about SQL injection.
I have this login script, in which I haven't used the escape function, so I was trying to hack it but I wasn't able to.
I tried different ways, but I always get the same SQL syntax error.
Here's the script; can someone explain to me how to do it?
I want to specify that I'm doing this only for educational purposes and to understand the mechanism, not to hack a website or anything else.
Regards, and sorry for my bad English 🙂
<?php
session_start();
// Raw POST values are copied into the session and used directly below.
$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['pass'];
$_SESSION['authuser'] = false;
$user = $_POST['user'];
$pass = $_POST['pass'];
include("connection.inc.php"); // expected to define $dbname and $conn
mysql_select_db($dbname, $conn);
// Injection point: $user is concatenated into the SQL string without
// mysql_real_escape_string() or a prepared statement (kept as posted).
$query = "SELECT user, password FROM utenti WHERE user ='" . $user . "';";
// die() with mysql_error() echoes the database's own syntax error to the client.
$result = mysql_query($query, $conn) or die("Error " . mysql_error());
$row = mysql_fetch_array($result); // false when the query returned no rows
//echo $row['user'] . " " . $row['password'];
mysql_close($conn);
// Both columns of the fetched row must equal the submitted values, so a row
// returned by a manipulated WHERE clause still has to carry the exact strings sent.
if ($row['user'] == $user and $row['password'] == $pass)
{
    // Any output before header() prevents the redirect ("headers already sent").
    // echo "match found";
    $_SESSION['authuser'] = true;
    header("location: home_frame.php");
    exit();
}
else
{
    echo "Login NOT successful.";
    echo '<html><body><a href="index.html">Click the link to be redirected to the login page</a></body></html>';
    exit();
}
?>