I just tried your SQL injection and - voila - everything is escaped perfectly, no injection possible. But I totally agree to the point that prepared statements would be "better", but most PHP people still don't use them and have problems using them. I will think about this...
Oops, I misread the registration page. In which case, let’s just turn this into “outputting user details will come out SQL-escaped”, e.g. Ryan O'Hara → Ryan O\'Hara.
Please just use parametrized queries. Ignoring registration for the moment, what if someone logs in with this username?
Impersonate any user, yay. (The password is `hello`, by the way.)
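The contrast discussed in this issue, as an added example that is not part of the thread or the project's own code: with a parametrized query the name is stored and read back verbatim, so only output encoding is applied at display time, while blanket input escaping changes the text itself. The `users` table, its columns, the `register` and `login` helpers and the sample password are hypothetical, and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Added example: hypothetical schema and helper names, constructed sample data.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password_hash TEXT)');

function register(PDO $db, string $name, string $password): void
{
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('INSERT INTO users (name, password_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $name, string $password): ?array
{
    // Look the user up by name only, then verify the password hash in PHP.
    $stmt = $db->prepare('SELECT id, name, password_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // unknown user or wrong password
    }
    return ['id' => (int) $row['id'], 'name' => $row['name']];
}

// Constructed sample account; the name contains a quote on purpose.
register($db, "Ryan O'Hara", 'correct horse battery');

// Successful login: the stored name is unchanged, with no added backslash.
$user = login($db, "Ryan O'Hara", 'correct horse battery');
echo 'stored name:  ', $user['name'], "\n";

// Encode for the output context (HTML here) only when displaying.
echo 'html output:  ', htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8'), "\n";

// For contrast: escaping input up front alters the text that later gets displayed.
echo 'pre-escaped:  ', addslashes("Ryan O'Hara"), "\n";

// A wrong password yields null; the quote in the name is treated as plain data.
var_dump(login($db, "Ryan O'Hara", 'wrong password'));
```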