标签: php mysql sql sql-injection
我有这个代码,它似乎很容易受到sql注入。我怎么能保证这个?
mysql_query $query = mysql_query("SELECT * FROM users WHERE username='$username'") or die (mysql_error()); $username = $_POST['username'];