diff --git a/app.py b/app.py
index 07e24dd..c42ddc8 100644
--- a/app.py
+++ b/app.py
@@ -1,7 +1,7 @@
-from flask import Flask, render_template, request, url_for, flash, redirect
+from flask import Flask, render_template, request, url_for, flash, redirect, g
 import sqlite3
-connection = sqlite3.connect('my_database.db')
+connection = sqlite3.connect('database.db')
 cursor = connection.cursor()
 cursor.execute('''
 CREATE TABLE IF NOT EXISTS Users (
@@ -11,13 +11,25 @@ cursor.execute('''
 )
 ''')
 cursor.execute('SELECT * FROM Users where login = "admin"')
-user = cursor.fetchone()
-if not user:
+if not cursor.fetchone():
 cursor.execute('INSERT INTO Users (login, password) VALUES (?, ?)', ('admin', '12345678'))
 connection.commit()
 app = Flask(__name__)
 app.config['SECRET_KEY'] = 'ca4ac4ada05f91a5790d2132992bfaed86df15c4d08f2dfe'
+DATABASE = 'database.db'
+
+def get_db():
+ db = getattr(g, '_database', None)
+ if db is None:
+ db = g._database = sqlite3.connect(DATABASE)
+ return db
+
+@app.teardown_appcontext
+def close_connection(exception):
+ db = getattr(g, '_database', None)
+ if db:
+ db.close()
 @app.route("/")
 def index():
@@ -28,6 +40,14 @@ def sql():
 if request.method == 'POST':
 login = request.form['login']
 password = request.form['pass']
+ cursor = get_db().cursor()
+ cursor.execute(f'SELECT * FROM Users where login == "{login}"')
+ user = cursor.fetchone()
+ if not user:
+ return render_template('sql-injection.html', error='catmeow')
+ if password != user[2]:
+ return render_template('sql-injection.html', error=':p')
+ return render_template('sql-injection.html', success="popacool")
 return render_template('sql-injection.html')
 @app.route("/found-me")
diff --git a/static/index.css b/static/index.css
index 611ed30..e9d50ef 100644
--- a/static/index.css
+++ b/static/index.css
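Review bot: In the second app.py hunk the database path is now written in two places: the import-time `sqlite3.connect('database.db')` that seeds the admin row (first hunk) and the new `DATABASE = 'database.db'` read by `get_db()`. A later rename like the one this commit makes can therefore leave the seeding code and the request handlers on different files. Defining `DATABASE` above the seeding block and calling `sqlite3.connect(DATABASE)` there keeps them together, and the seeding connection can be closed after `connection.commit()` because requests now use the per-context connection. `get_db()` and `close_connection()` would also read better with one-line docstrings, e.g. `"""Return the SQLite connection cached on flask.g for this app context, opening it on first use."""`, and `if db is not None:` in `close_connection()` would match the check in `get_db()`.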
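Review bot: The lookup added in `sql()` (third app.py hunk) builds its query by interpolating the form field, `cursor.execute(f'SELECT * FROM Users where login == "{login}"')`, so the request value is parsed as SQL instead of being bound as data. The route and template names suggest this is a deliberately vulnerable exercise; if so, a comment such as `# Intentionally injectable: training target, do not reuse or expose outside the lab` should say it, and otherwise the call should be `cursor.execute('SELECT * FROM Users WHERE login = ?', (login,))`, as the seeding INSERT already does. The check `password != user[2]` compares against a plaintext column picked by position from `SELECT *`; naming the column in the query and, outside a lab, storing a salted hash compared with `hmac.compare_digest` would be sturdier. The two different error strings for an unknown login and a wrong password also let a client tell which logins exist. `sql()` begins above the hunk, so its decorator and signature are not visible here.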
@@ -225,6 +225,20 @@ transform: translate(0, 0.2em);
 }
+#error {
+ bottom: 1.5%;
+ right: 10%;
+ position: absolute;
+ background-color: red;
+}
+
+#success {
+ bottom: 1.5%;
+ right: 10%;
+ position: absolute;
+ background-color: green;
+}
+
 body {
 background-image: url(/static/imgs/bg.gif);
 width: 100vw;
diff --git a/templates/sql-injection.html b/templates/sql-injection.html
index c1f7f5b..cace254 100644
--- a/templates/sql-injection.html
+++ b/templates/sql-injection.html
@@ -12,7 +12,7 @@
-
+

Login :

Password:

@@ -30,8 +30,17 @@
+{% if error %}
+
+

{{ error }}

+
+{% endif %}
-
+{% if success %}
+
+

{{ success }}

+
+{% endif %}