X
// Vulnerable pattern, kept as the example: $user and $pass are interpolated
// straight into the SQL text, so their content is parsed as part of the
// statement rather than as data. If either value comes from request input
// (origin not shown here; confirm against the caller), quote characters or
// SQL keywords in it can change the WHERE clause.
// NOTE(review): as written, the two values are not wrapped in SQL quotes, so
// escaping alone would not make this query safe. The robust fix is a prepared
// statement with bound parameters. The query also compares the password
// inside SQL; presumably pass is stored unhashed. Verify, and prefer
// password_hash()/password_verify() on a row looked up by user name.
$sql = "SELECT * FROM users
WHERE user = $user
AND pass = $pass";
- Eingabe: user = "admin ' or 'foo' = 'foo' --"
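- also: $mysql['user'] = mysql_real_escape_string($clean['user']);
  (Escaping schützt nur, wenn der Wert in der Abfrage in Anführungszeichen steht, z. B. user = '{$mysql['user']}'. Die Erweiterung ext/mysql wurde mit PHP 7.0 entfernt; in aktuellem Code stattdessen Prepared Statements mit gebundenen Parametern über PDO oder mysqli verwenden.)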