I want to do a demo for a login page that is vulnerable to SQL injection for training purposes. I already tried to build one using PHP and MySQL. I commented the code sanitation to make the page vulnerable.
The login page code is this:
//step 1a: sanitise and store data into vars (storing encrypted password)
//$usr = mysqli_real_escape_string($dbc, htmlentities($_POST['u_name']));
//$psw = SHA1($_POST['u_pass']) ; //using SHA1() to encrypt passwords
$usr = $_POST['u_name'];
$psw = $_POST['u_pass'] ;
//step2: create query to check if username and password match
$q = "SELECT * FROM users WHERE userName='$usr' AND password='$psw' ";
//step3: run the query and store result
$res = mysqli_query($dbc, $q);
Then, I tried to enter this in the user name and password fields:
' or '1' = '1
However, the web page tells me the user name and password is wrong. How can I make SQL injection work?