@@ -4,6 +4,7 @@ namespace Blog\DB; | |||
class User extends DB { | |||
// TODO: sql injection attack | |||
public function checkUserPass($user, $pass) { | |||
$sql = "SELECT COUNT(*) as count FROM users WHERE username = '" . $user . "' AND password = '" . $pass . "'"; | |||
$ret = $this->query($sql); |