Open enzoangu opened 2 years ago
How to fix it ? This way ?
<?php
function BlockSQLInjection($str)
{
return str_replace(array("'",""","'",'"'),array("'","""'",""",$str));
}
?>
Then
<?php
$userName=BlockSQLInjection($_POST['userName']);
$password=BlockSQLInjection($_POST['password']);
?>
" and 1 == 1