user[]=a&pwd=b
, user=a&pwd[]=b
, user[]=a&pwd[]=b
SELECT id, username, left(password, 8) AS snipped_password, email FROM accounts WHERE username='admin' AND``
password=password=1
;
which makes the password bit to be always true."password":{"password": 1}
to bypass the login."stringifyObjects":true
option when calling mysql.createConnection
will eventually block all unexpected behaviours when Object
is passed in the parameter.<input autocomplete="false"