Closed ConradBunton closed 6 years ago
Since the code doesn't use prepared statements, I'd suggest using $login instead of $_POST['login'] in the SQL on line 26 as well.
Edit: ignore: I only saw the initial PR, not the update
@ryanschulze Good catch. And yes I noticed it too when I updated the pull request as well.
Fix SQL hack vulnerability