That code is vulnerable to SQL injection. Anybody can login without a
password with that code.
On Friday, 12 February 2016 04:21:50 UTC-6, prashant joshi wrote:
>
> *This is in java*
>
> String user = req.getParameter("userName");
> String pass = req.getParameter("userPassword");
>
> pw.print("<font face='verdana'>");
>
> if (user.equals("select * from login where userId="+user+"and password"+pass)
> )
> pw.println("Login Success...!");
> else
> pw.println("Login Failed...!");
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
