Search the web for something called "sql injection" and do some reading.
Database Workbench - development tool for MySQL, and more!
Database development questions? Check the forum!
A user was able to log into my site using:
1' and '1' or '1
in the username and password box.
I ran the query
SELECT * FROM members WHERE name = '1' and '1' or '1' AND password = '1' and
'1' or '1'
And it returned all rows. Can someone explain to me why this happens, and if
the steps I took (replacing the ' with a blank space when the user submits
the login form) is enough to prevent a similar "hack"
Appreciate any feedback.