You can check the code and know if it is vulnerable about SQL injection. Run code in your host will be easy to understand what happens.

the problem is I tried 4 times to set it up on a remote and a local Server. Sometimes it just throws an error, that I basically fixed, but still refuses to run, or it just is a blank page like if the PHP code isn’t executed.
Injection I’ve tried 3 days in a row now with the demo version hosted here …
I don’t know how to go on, neither GET nor POST Data manipulation has worked for me …
the most Data like username is POST and something like forgot is GET I know that, but nothing really brings me further
I understand completely how the Database is set up and how it interacts with the form, but maybe I’m just too unconcentrated to find the solution :(