Home/ Questions/Q 9087929
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T21:48:30+00:00

I’m trying to perform an SQL injection on a dummy website created on my

  • 0

I’m trying to perform an SQL injection on a dummy website created on my localhost for a security testing project.

I tried to enter the string " OR "=' into the username and password field so it should bypass it and display Login Correct – But instead it displays login failed

Any help to understand why SQL injection is not working

<?php
    mysql_connect('localhost', 'root', '');
    mysql_select_db('test');

    if(isset($_POST['username'])&&isset($_POST['password'])){
       $username =$_POST['username'];
       $password = $_POST['password'];
       echo $username;
       echo $password;

       if(!empty($username)&&!empty($password)){
          $query ="SELECT id FROM users WHERE username = '$username' AND password = '$password'";
          $query_run = mysql_query($query);

          if(mysql_num_rows($query_run)>=1){
              echo 'Login Correct';
          }else{
              echo 'Login Failed';
          }
       }
    }
?>
<form action="test.php" method="POST">
   Username: <input type="text" name="username">
   Password: <input type="text" name="password">
   <input type="submit" value="Submit">
</form>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your injection string should be like this:

    Username and password:

    ' or '1' = '1

    Username (often) or password: (It depends on which one come first in the query)
    # comments rest of the query.

    ' or '1'='1' #

    For more information about SQL injection, you can check out this perfect url:
    The SQL Injection Knowledge Base

    • 0