Arama Sonuçları ‘mysql_real_escape_string’

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>mysql_real_escape_string</title>
</head>
<body>
<form name="form1" action="" method="post">
Kullanıcı adı:<input type="text" name="kullanici_adi" value="" /> <br />
Şifre<input type="password" name="sifre" value="" /> <br />
<input type="submit" value="gönder" name="gonder" /></div>
</body>
</html>

$_POST['kullanici_adi'] = 'zihni';
$_POST['sifre'] = "' OR ''='";

<?php
$sorgu = "SELECT * FROM kullanicilar
WHERE kullanici_adi='{$_POST['kullanici_adi']}' AND sifre='{$_POST['sifre']}'";
 
$sonuc = mysql_query($sorgu) or die(mysql_error());
$satir = mysql_fetch_array($sonuc);
echo $satir['kullanici_adi'];
?>

SELECT * FROM kullanicilar WHERE kullanici_adi='zihni' AND sifre='' OR ''=''

<?php
$sorgu = sprintf("SELECT * FROM kullanicilar
WHERE kullanici_adi='%s' AND sifre='%s'",
mysql_real_escape_string($_POST['kullanici_adi']),
mysql_real_escape_string($_POST['sifre']) );
 
$sonuc = mysql_query($sorgu) or die(mysql_error());
$satir = mysql_fetch_array($sonuc);
echo $satir['kullanici_adi'];
echo $sorgu;
?>

SELECT * FROM kullanicilar WHERE kullanici_adi='zihni' AND sifre='\' OR \'\'=\''