I've read about MySQL injection and how it's done. I have a doubt, how could a login code be attacked if it doenst get data from a database?
This is what my login code looks like:
if($_GET['login'] == "myname" && $_GET['password'] == "mypass"){
echo 'welcome, admin.';
else
echo 'login failed.'
ps: this is for practice sake only, I know hardcoded passwords shouldnt be used.
