SQL Injection

it makes sure, the line ends there. For example, if you wanna find out how many rows a DB has, you could use the "order by" or "union all select" command. But if the following Numbers do end without the double dash, your line would just be ignored and continued until the actual line ends. So you'll have to make sure, the line ends exactly there .. with a double dash. But you're right, it's unusually used in that kind of injection. But Interesting ... will keep me busy for a while ^^

This man is God, lol, --- "Oh you can see she was born in 74!"

and now your in jail for sharing this on youtube... YAY your great

凄いですね！
参考になります

@schnepman1993 So useless...

nope.
You are only able to crack MD5 with brute force or word lists. Another way of protection against sql-injection is to put the posted vars in mysql_real_escape_string(). Like this:
$_POST["password"] = mysql_real_escape_string($_POS T["password"]);

who knows, it's not like Earth's short of dumb people

save it to the pc, then use an editing program (even Notepad is ok)

What was the code on the Username and password?

It's amazing how easily one can hack a site. I never thought about the offline thing and editing the html code.