First, a reminder to several (including some in this thread) that top-posting is against the law here.
On Wed, Jul 8, 2009 at 09:48, Martin Scotta<martinsco...@gmail.com> wrote: > $sql = 'SELECT * FROM your-table WHERE username = \''. $username .'\' > and passwd = md5( concat( \'' . $username .'\', \'@\', \'' . $password > .'\'))'; Second, another, more important reminder: <?php $username = '" OR 1 OR "'; ?> Since the first rows in a database are usually the default administrator logins, the first to match what is basically a 'match if this is a row' statement will be logged in. The moral of the story: don't forget to clean your input (which I'm sure ya'all were doing.... but with top-posters, you never know ;-P). -- </Daniel P. Brown> daniel.br...@parasane.net || danbr...@php.net http://www.parasane.net/ || http://www.pilotpig.net/ Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php