The basic attack is log in form bypassing which has already been discussed in a couple of previous posts. In this type of SQL injection we inject queries like 1‘OR’1‘=’1 etc. in the user name and password fields.
The code which is used in these types of websites that can be easily
Worked around through the above said queries Apart from this the user can also delete the database by executing "' drop table database; --".
The code below allows the queries
You will have to use mysql_real_escape_string in the php code
Here is the PHP code.
Here is the PHP code that you can copy and paste.
$badword = "' OR 1 '";
$badword = mysql_real_escape_string($badword);
$message = "SELECT * from database WHERE password = "'$badword'";
echo "Blocked " . $message . ";
Hope this was useful please like subscribe and follow.