$sel1 = mysql_query ("SELECT ID, name, locale, lastlogin, gender,
FROM USERS_TABLE
WHERE (name = '$user' OR email = '$user') AND pass = '$pass'");
$chk = mysql_fetch_array($sel1);
if (found one record)
then {allow the user to login}`
The question is that try to login with username admin');#", then you will find that you logged in as the user admin! Question asks what each special character purpose in sql injection. , ) ; # "
Thanks!
This value:
admin');#
would terminate the SQL statement after the string "admin" and treat everything after as a comment. So this:
SELECT ID, name, locale, lastlogin, gender,
FROM USERS_TABLE
WHERE (name = '$user' OR email = '$user') AND pass = '$pass'
essentially becomes this:
SELECT ID, name, locale, lastlogin, gender,
FROM USERS_TABLE
WHERE (name = 'admin')
A record is found and the system happily continues on its way, having logged the user in as 'admin'
because the query successfully found that record.