aboutsummaryrefslogtreecommitdiff
path: root/examples-secure/sql-injection/login.php
diff options
context:
space:
mode:
Diffstat (limited to 'examples-secure/sql-injection/login.php')
-rw-r--r--examples-secure/sql-injection/login.php25
1 files changed, 25 insertions, 0 deletions
diff --git a/examples-secure/sql-injection/login.php b/examples-secure/sql-injection/login.php
new file mode 100644
index 0000000..f0340e3
--- /dev/null
+++ b/examples-secure/sql-injection/login.php
@@ -0,0 +1,25 @@
+<?php
+ class MyDB extends SQLite3 {
+ function __construct() {
+ $this->open('users.db');
+ }
+ }
+
+ if(isset($_POST['email'], $_POST['pass']))
+ {
+ $email = $_POST['email'];
+ $pass = $_POST['pass'];
+
+ $db = new MyDB();
+
+ $sql = $db->prepare('SELECT * FROM Users WHERE email=:email AND password=:pass');
+ $sql->bindValue(':email', $email, SQLITE3_TEXT);
+ $sql->bindValue(':pass', $pass, SQLITE3_TEXT);
+
+ $ret = $sql->execute();
+ while($row = $ret->fetchArray(SQLITE3_ASSOC)) {
+ echo 'Logged in as '.$row['email'].'<br>';
+ }
+ $db->close();
+ }
+?>