$sql_checkpasswd = "SELECT user_id, username, user_password, user_active
FROM " . USERS_TABLE . "
WHERE username = '" . $username . "'" . " AND user_password = '" . md5($password). "'";
Above is how my php code is written. This is for a login page.
How can use sql injection technique to login without knowing password?
Thanks
I tried all possible combinations ' OR '1=1'
' OR '1=1' --
admin');#
and all usual one's.
Error for one of the query: http://prntscr.com/53bmv8
P.s.: I have spent a great deal of time doing research on the subject and tried many different methods, which is why I am posting this question in order to get some help. I'm new at sql injection.