Week 1 - SQL Injection Login

Mission: login as admin without knowing the password.

Class hint: try: ' OR '1'='1' --

Prevention Example

$stmt = $conn->prepare("SELECT * FROM users WHERE username=? AND password=?");
$stmt->bind_param("ss", $username, $password);