article_sqli.hero.eyebrow

article_sqli.hero.h1

article_sqli.hero.date · article_sqli.hero.read_time article_sqli.hero.tag

article_sqli.content.intro

article_sqli.content.h2_1

article_sqli.content.p_1

article_sqli.content.p_2

article_sqli.content.h2_2

article_sqli.content.p_3

// Deliberately vulnerable example, kept to illustrate the flaw: do not reuse.
// Both values are read straight from the request body, so the client controls them.
$user = $_POST['usuario'];
$pass = $_POST['password'];

// The raw values are interpolated into the SQL text. A quote character in either
// field ends the string literal, and whatever follows is parsed as SQL, so the
// database cannot tell the developer's query apart from the submitted data.
$query = "SELECT * FROM usuarios
  WHERE usuario = '$user'
  AND password = '$pass'";

article_sqli.content.code_comment_1

article_sqli.content.p_4

-- Statement the database receives when the form is submitted with usuario "admin" and password "1234" (shown on one line).
SELECT * FROM usuarios WHERE usuario = 'admin' AND password = '1234'

article_sqli.content.p_5

admin' --

article_sqli.content.p_6

SELECT * FROM usuarios WHERE usuario = 'admin' -- the rest of the statement, including the password check, is now a comment and is never evaluated

article_sqli.content.p_7

article_sqli.content.h2_3

article_sqli.content.h2_4

article_sqli.content.h2_5

article_sqli.content.h3_1

article_sqli.content.p_8

// Prepared statement: the SQL text is a constant containing only "?" placeholders,
// so the query structure is fixed before any request data is supplied.
$stmt = $pdo->prepare(
  "SELECT * FROM usuarios
   WHERE usuario = ? AND password = ?"
);

// Values are bound positionally at execute time and are passed as data, so quote or
// comment characters in $user / $pass cannot change the statement.
// NOTE(review): $pdo is created outside this snippet; with drivers that emulate
// prepares by default (e.g. pdo_mysql), confirm PDO::ATTR_EMULATE_PREPARES is
// false and the connection charset is set explicitly.
// NOTE(review): matching `password = ?` in SQL suggests the column holds the
// password as submitted. Prefer selecting the stored hash by usuario and
// checking it with password_verify() against a password_hash() value.
$stmt->execute([$user, $pass]);

article_sqli.content.code_comment_3

article_sqli.content.h3_2

article_sqli.content.p_9

article_sqli.content.h3_3

article_sqli.content.p_10

article_sqli.content.h3_4

article_sqli.content.p_11
