Posting a username like
a' OR 1=1;
short-circuits the whole deal... The SQL statement will become:
SELECT r34ln4m3 FROM 1nside0ut WHERE
md5(l0gn4m3)='a' OR 1=1; AND entryw41='$passwd';
If he'd done something like:
// Hash both inputs before they go anywhere near the query string
$username = md5($_POST["username"]);
$passwd = md5($_POST["passwd"]);
$md5_un=calc_md5($username);
$md5_pw=calc_md5($passwd);
$query = "SELECT r34ln4m3 FROM 1nside0ut WHERE
l0gn4m3='$md5_un' AND entryw41='$md5_pw'";
That would have protected him... Unfortunately the guy's rather clueless..
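
The hash-before-interpolating fix from the post, next to bound parameters, as an added example (not the poster's code and not the code of the site being discussed). It assumes PDO with an in-memory SQLite database and one constructed account row; table and column names are the ones in the post, and the double quotes around the table name are only there because SQLite needs them for a name starting with a digit.

```php
<?php
// Added example. PDO + in-memory SQLite stand in for the real backend
// (assumption); the account row and its credentials are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE "1nside0ut" (r34ln4m3 TEXT, l0gn4m3 TEXT, entryw41 TEXT)');
$ins = $db->prepare('INSERT INTO "1nside0ut" VALUES (?, ?, ?)');
$ins->execute(['Alice Example', md5('alice'), md5('correct horse')]);

// Raw interpolation: a quote in the input ends the string literal, so the
// rest of the input is parsed as SQL. Used below only to show the text.
function build_query(string $user, string $pass): string {
    return "SELECT r34ln4m3 FROM \"1nside0ut\" WHERE l0gn4m3='$user' AND entryw41='$pass'";
}

// The post's approach: hash first. md5() always returns 32 characters from
// [0-9a-f], so no quote or semicolon from the input reaches the parser.
function login_hashed(PDO $db, string $user, string $pass) {
    return $db->query(build_query(md5($user), md5($pass)))->fetchColumn();
}

// Bound parameters: values are sent separately from the statement text,
// so the query stays intact whatever characters the values contain.
function login_bound(PDO $db, string $user, string $pass) {
    $st = $db->prepare(
        'SELECT r34ln4m3 FROM "1nside0ut" WHERE l0gn4m3 = ? AND entryw41 = ?'
    );
    $st->execute([md5($user), md5($pass)]);
    return $st->fetchColumn();   // false when no row matches
}

$payload = "a' OR 1=1;";   // the username quoted in the post

// Query text when the raw input is interpolated (not executed here).
echo build_query($payload, 'x'), "\n";

// Both hardened paths treat the payload as an ordinary, unknown username.
var_dump(login_hashed($db, $payload, 'x'));
var_dump(login_bound($db, $payload, 'x'));

// The constructed account still logs in through either path.
var_dump(login_hashed($db, 'alice', 'correct horse'));
var_dump(login_bound($db, 'alice', 'correct horse'));
```

MD5 appears here only because the post uses it to force the input into a fixed hex alphabet; the bound-parameter version does not depend on the hash for its injection resistance.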