@dongilbert
Created September 5, 2012 21:18
How NOT to use SQL
<?php
// Username is escaped as a string and then forced to an integer by %d: the
// escape is wasted, and non-numeric input silently becomes DealerID 0.
// LOWER(`Password`) only works if the stored password is plaintext, and it
// makes the comparison case-insensitive, throwing away entropy.
// Both values are formatted into the SQL text instead of bound as parameters.
$sql = sprintf( "SELECT `Password`, `DealerID`
FROM `DLMAST`
WHERE `DealerID` = %d
AND LOWER(`Password`) = '%s'",
mysql_real_escape_string( $_POST['Username'] ),
mysql_real_escape_string( strtolower( $_POST['Password'] ) ) );
// mysql_real_escape_string() is ext/mysql (deprecated in PHP 5.5, removed in
// 7.0) and needs an open mysql_connect() link; $db is a different layer here.
$db->Execute( $sql, 'user_pass' );
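The hardened counterpart, added here as an example and not part of the gist or its author's code: the dealer lookup uses a bound parameter instead of sprintf() and escaping, the username is validated as an integer before it reaches the query, and the password is checked case-sensitively against a salted hash with password_verify() rather than with LOWER() on a plaintext column. The table and column names (DLMAST, DealerID, Password) follow the gist; the in-memory SQLite database and the dealer row are constructed stand-ins so the script runs offline (assumes PHP 7.1+ with pdo_sqlite).

```php
<?php
// Added example, not from the gist. SQLite in memory stands in for the
// MySQL table; the single dealer row is constructed sample data.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE DLMAST (DealerID INTEGER PRIMARY KEY, Password TEXT NOT NULL)');

    // Store only a salted hash; password_hash() chooses salt and algorithm.
    $ins = $db->prepare('INSERT INTO DLMAST (DealerID, Password) VALUES (:id, :hash)');
    $ins->bindValue(':id', 1042, PDO::PARAM_INT);
    $ins->bindValue(':hash', password_hash('Tr0ub4dor&3', PASSWORD_DEFAULT), PDO::PARAM_STR);
    $ins->execute();
    return $db;
}

/**
 * Authenticate a dealer. Returns the DealerID on success, null otherwise.
 *
 * - The untrusted username must be an integer before it goes near the
 *   query, instead of being escaped and then silently cast by %d.
 * - The query carries a bound parameter; no untrusted string is ever
 *   spliced into the SQL text, so there is nothing to escape.
 * - The password is compared case-sensitively against a hash with
 *   password_verify(); no LOWER(), no plaintext in the table.
 */
function authenticateDealer(PDO $db, string $username, string $password): ?int
{
    $dealerId = filter_var($username, FILTER_VALIDATE_INT);
    if ($dealerId === false) {
        return null;
    }

    $stmt = $db->prepare('SELECT DealerID, Password FROM DLMAST WHERE DealerID = :id');
    $stmt->bindValue(':id', $dealerId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    return (int) $row['DealerID'];
}

$db = openDb();
var_dump(authenticateDealer($db, '1042', 'Tr0ub4dor&3'));     // correct credentials
var_dump(authenticateDealer($db, '1042', 'tr0ub4dor&3'));     // wrong case is rejected
var_dump(authenticateDealer($db, "1042' OR '1'='1", 'x'));   // fails integer validation
```

The first call succeeds and the other two return null: the lower-cased password no longer matches because the hash comparison is case-sensitive, and the injection-shaped username is rejected by FILTER_VALIDATE_INT before any SQL runs. Even if it had reached the query, the bound parameter would have treated it as data rather than SQL. Selecting the hash column is still necessary for password_verify(), but it never leaves the function.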