Daedalus Corp. has increased the security of their login prompt. Is it possible to work around their new defenses?

hint:Pretend the mysqli_real_escape_string in lookup_user.php isn't there and try doing your standard UNION SQL injection. What does the query end up looking like?

http://web2014.picoctf.com/injection3/