Login code sample which has been hacked via SQL Injection, although mysql_real_escape_string...

Posted by artmania on Stack Overflow
Published on 2010-03-29T18:04:42Z Indexed on 2010/03/29 18:13 UTC

Hi friends,

I use CodeIgniter and am having trouble with hacking :( Is it possible to make an SQL injection against the login code below:

    function process_login()
    {
        $username = mysql_real_escape_string($this->input->post('username'));
        $password = mysql_real_escape_string(MD5($this->input->post('password')));

        // Check user table
        $query = $this->db->getwhere('users', array('username'=>$username, 'password'=>$password));

        if ($query->num_rows() > 0)
        {
            // success login data
Am I using mysql_real_escape_string wrong, or what?

I'd appreciate any help!
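
For comparison, an added example that is not part of the original post: the same `users` lookup written with a bound parameter, so the input needs no manual escaping, and with `password_hash()`/`password_verify()` in place of MD5. PDO with an in-memory SQLite database, the `password_hash` column, the `make_db()` helper and the sample account are assumptions made so the snippet runs on its own.

```php
<?php
// Added example, not the poster's code. PDO + in-memory SQLite stand in for
// the CodeIgniter/MySQL setup; the table layout and sample user are constructed.

// Hash used only to keep the unknown-user path as slow as the known-user path.
define('DUMMY_HASH', password_hash('dummy', PASSWORD_DEFAULT));

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function process_login(PDO $db, string $username, string $password): bool
{
    // The value is bound, never concatenated into the SQL text, so quotes in
    // $username stay data and no escaping call is needed.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        // Unknown user: still run one verification, then reject.
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // Salted, slow hash comparison instead of matching an MD5 digest in SQL.
    return password_verify($password, $hash);
}

$db = make_db();
$cases = [                        // constructed inputs
    ['alice', 'correct horse'],   // valid credentials
    ['alice', 'wrong'],           // wrong password
    ["alice' OR '1'='1", 'x'],    // quote-laden name is looked up literally
    ["' OR 1=1 -- ", 'x'],        // same: no row has this username
];
foreach ($cases as [$u, $p]) {
    printf("%-20s => %s\n", $u, process_login($db, $u, $p) ? 'login ok' : 'rejected');
}
```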

© Stack Overflow or respective owner