Sql Injection Question – Easy

I have a site I want to do very basic SQL injection testing on (basically teach me)

<?php
if($_POST)
{
extract($_POST);
$q = “SELECT username FROM `users` WHERE username=’$username’ AND password=’$password'”;
}
?>

This code is in the page of a login form. Teach/show me how I can inject sql into this, to change it to something like…

$q = “SELECT username from `users` WHERE username!=””;
or
$q = “SELECT username from `users` where username=’bob'”;

I know this is probably pretty basic, so lowest bid that can give me a working example, or show me how to do it will get the bid. If you are the first person to provide a working example in the PMB, I will select your bid.

Leave a Reply

Your email address will not be published. Required fields are marked *