<?php
require_once "connect.php";
$connection = @new mysqli($host,$user,$password,$name);
$u_login = $_POST['login'];
$u_password = $_POST['password'];
$sql="SELECT * FROM login WHERE login=\"$u_login\" AND password=\"$u_password\"";
$action = @$connection->query($sql));
$connection->close();
?>
>why doesn't it work?
http://176.119.58.114/krzysztak/
>>62196286
I'm not falling for ur botnet, thanks
>>62196286
> SELECT *
> no PDO
> reading straight from the form
Oh my fucking god you deserve to be put down like the fucking animal you are
Hell
At least use msqli prepare
>>62196286
don't know abaout mysql in detail but aren't strings delimited by ' ?
also use the input of the others
>>62196286
>not hashing your passwords
>not using code blocks on 4chan
>no csrf check
>no sql injection prevention
Jesus Christ Pajeet.
>>62196286
It asked me to log in so I tried to sign into my 4chan account and nothing happened, what is this?
With that code anybody can hack you database. Perhaps this is some kind of honeypot.