Login code sample which has been hacked via SQL Injection, although mysql_real_escape_string...
Posted by artmania on Stack Overflow
Published on 2010-03-29T18:04:42Z
Hi friends,
I use CodeIgniter and am having trouble with hacking :( Is it possible to perform SQL injection on the login code below?
    function process_login()
    {
        // Both values are escaped by hand before being passed to the query builder
        $username = mysql_real_escape_string($this->input->post('username'));
        $password = mysql_real_escape_string(MD5($this->input->post('password')));

        // Check user table
        $query = $this->db->getwhere('users', array('username' => $username, 'password' => $password));

        if ($query->num_rows() > 0)
        {
            // success login data
        }
    }
Am I using mysql_real_escape_string wrong? Or what?
I appreciate any help!