diff --git a/sql-inject.js b/sql-inject.js new file mode 100644 index 00000000000..2fa5fa1808a --- /dev/null +++ b/sql-inject.js @@ -0,0 +1,23 @@ +app.post('/login', (req, res) => { + +  const { username, password } = req.body; + +  const query = `SELECT * FROM users WHERE username = '${username}' AND password = '${password}'`; + +  connection.query(query, (err, results) => { + +    if (err) throw err; + +    if (results.length > 0) { + +      res.json({ success: true, user: results[0] }); + +    } else { + +      res.status(401).json({ success: false, message: 'Invalid credentials' }); + +    } + +  }); + +});