I'm attempting to create a simple PHP page that demonstrates SQL injection.
<?php
...
// $db is the database handle created in the elided code above
if ($_POST) {
    $user = $_POST['user'];
    // Deliberately vulnerable: the raw POST value is concatenated straight into the SQL text
    if ($result = $db->query("SELECT * FROM users WHERE username ='" . $user . "'")) {
        // display result array
    } else {
        // invalid query
    }
}
...
?>
The code I am injecting into the HTML input is whatever" OR 1=1; DROP TABLE users; --
but it always triggers the invalid query block. How can I trick the script into thinking this SQL is valid?